No more typing reviews! Try our Samantha, our new voice AI agent.
Microsoft Sentinel Logo

Microsoft Sentinel pros and cons

Vendor: Microsoft
4.1 out of 5
Badge Ranked 1
Leave a review

Pros & Cons summary

Microsoft Sentinel enhances efficiency by reducing incident response time by up to 50% and streamlining threat detection with Microsoft integrations. Despite its efficacy in automation and data analysis, challenges exist, such as KQL complexity and integration issues with third-party systems. While the cost is significant, its ROI is valuable by lowering infrastructure costs. However, improvements in support and automation integration are needed to better assist IT administrators.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Microsoft Sentinel has improved efficiency, reducing incident response time by 40 to 50% and allowing faster detection of threats.
The integration capabilities of Microsoft Sentinel with other Microsoft products and external systems enhance its threat detection and response capabilities.
The automation features of Microsoft Sentinel, including built-in SOAR capabilities, reduce manual workload and improve response times to incidents.
Microsoft Sentinel offers powerful data correlation and analysis, enabling effective threat investigation and compliance reporting.
Microsoft Sentinel is cost-effective, providing ROI by reducing infrastructure costs and offering extensive integration options without enormous upfront costs.

CONS

Microsoft Sentinel's cost should be reduced, as it is considered quite expensive, particularly when additional features and services increase the overall expense.
Customers encounter integration challenges with third-party systems, lacking sufficient native connectors and sometimes causing discrepancies in data management.
The complexity of using KQL poses a challenge; a more user-friendly or alternative query language is necessary to accommodate users who are not proficient in KQL.
Microsoft Sentinel's automation capabilities need enhancement, including better integration with security products to facilitate use by IT administrators.
Technical support can be improved, specifically in responsiveness and understanding of features, as clients often face delays and obstacles in receiving effective solutions.
 

Microsoft Sentinel Pros review quotes

MD
MarkDarwish
CEO at Danastar Professional Services, LLC
Jan 23, 2021
We have no complaints about the features or functionality.
Read full review
reviewer1404306 - PeerSpot reviewer
reviewer1404306
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Feb 12, 2021
The pricing of the product is excellent.
Read full review
reviewer1342566 - PeerSpot reviewer
reviewer1342566
System Engineer at a tech vendor with 5,001-10,000 employees
Feb 24, 2021
In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store
Read full review
Buyer's Guide
Microsoft Sentinel
April 2026
Free Report: Microsoft Sentinel Reviews and More
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
892,678 professionals have used our research since 2012.
reviewer1537419 - PeerSpot reviewer
reviewer1537419
Domain Architect at a government with 5,001-10,000 employees
Apr 12, 2021
Free ingestion for Azure logs (with E5 licence)
Read full review
SI
Sami Isoaho
Principal Cloud Architect at Viria Security Oy
Jun 3, 2021
The UI-based analytics are excellent.
Read full review
it_user1604991 - PeerSpot reviewer
it_user1604991
Senior Microsoft 365 Consultant at The Collective Consulting
Jul 12, 2021
Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents.
Read full review
reviewer1655235 - PeerSpot reviewer
reviewer1655235
Director - Technology Risk & Cyber at a financial services firm with 10,001+ employees
Aug 23, 2021
It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things.
Read full review
it_user1691883 - PeerSpot reviewer
it_user1691883
Information Security Lead at Enerjisa Üretim
Oct 12, 2021
It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us.
Read full review
SM
Sean Moore
Lead Azure Sentinel Architect at a financial services firm with 10,001+ employees
Oct 14, 2021
The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance.
Read full review
reviewer1681203 - PeerSpot reviewer
reviewer1681203
Sr. Microsoft Solutions Specialist at a tech vendor with 1,001-5,000 employees
Oct 15, 2021
One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service.
Read full review
Show 10 more reviews (out of 108)
 

Microsoft Sentinel Cons review quotes

MD
MarkDarwish
CEO at Danastar Professional Services, LLC
Jan 23, 2021
I would like to be able to monitor applications outside of the Azure Cloud.
Read full review
reviewer1404306 - PeerSpot reviewer
reviewer1404306
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Feb 12, 2021
The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to.
Read full review
reviewer1342566 - PeerSpot reviewer
reviewer1342566
System Engineer at a tech vendor with 5,001-10,000 employees
Feb 24, 2021
They could use some kind of workbook. There is some limitation doing the editing and creating the workbook.
Read full review
Buyer's Guide
Microsoft Sentinel
April 2026
Free Report: Microsoft Sentinel Reviews and More
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
892,678 professionals have used our research since 2012.
reviewer1537419 - PeerSpot reviewer
reviewer1537419
Domain Architect at a government with 5,001-10,000 employees
Apr 12, 2021
They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization.
Read full review
SI
Sami Isoaho
Principal Cloud Architect at Viria Security Oy
Jun 3, 2021
The on-prem log sources still require a lot of development.
Read full review
it_user1604991 - PeerSpot reviewer
it_user1604991
Senior Microsoft 365 Consultant at The Collective Consulting
Jul 12, 2021
The solution should allow for a streamlined CI/CD procedure.
Read full review
reviewer1655235 - PeerSpot reviewer
reviewer1655235
Director - Technology Risk & Cyber at a financial services firm with 10,001+ employees
Aug 23, 2021
Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification.
Read full review
it_user1691883 - PeerSpot reviewer
it_user1691883
Information Security Lead at Enerjisa Üretim
Oct 12, 2021
They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us.
Read full review
SM
Sean Moore
Lead Azure Sentinel Architect at a financial services firm with 10,001+ employees
Oct 14, 2021
If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies.
Read full review
reviewer1681203 - PeerSpot reviewer
reviewer1681203
Sr. Microsoft Solutions Specialist at a tech vendor with 1,001-5,000 employees
Oct 15, 2021
I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used.
Read full review
Show 10 more reviews (out of 108)

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Security Orchestration Automation and Response (SOAR)
Microsoft Security Suite
AI-Powered Cybersecurity Platforms

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Microsoft Sentinel Logo
CrowdStrike Falcon vs Microsoft Sentinel
Microsoft Intune vs Microsoft Sentinel Logo
Microsoft Intune vs Microsoft Sentinel
Microsoft Defender for Endpoint vs Microsoft Sentinel Logo
Microsoft Defender for Endpoint vs Microsoft Sentinel
Cortex XDR by Palo Alto Networks vs Microsoft Sentinel Logo
Cortex XDR by Palo Alto Networks vs Microsoft Sentinel
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Splunk Enterprise Security vs Microsoft Sentinel Logo
Splunk Enterprise Security vs Microsoft Sentinel
Microsoft Entra ID vs Microsoft Sentinel Logo
Microsoft Entra ID vs Microsoft Sentinel
Microsoft Defender for Cloud vs Microsoft Sentinel Logo
Microsoft Defender for Cloud vs Microsoft Sentinel
Darktrace vs Microsoft Sentinel Logo
Darktrace vs Microsoft Sentinel
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Elastic Security vs Microsoft Sentinel Logo
Elastic Security vs Microsoft Sentinel
Cribl vs Microsoft Sentinel Logo
Cribl vs Microsoft Sentinel
Microsoft Defender XDR vs Microsoft Sentinel Logo
Microsoft Defender XDR vs Microsoft Sentinel
Microsoft Purview Data Governance vs Microsoft Sentinel Logo
Microsoft Purview Data Governance vs Microsoft Sentinel
TrendAI Vision One vs Microsoft Sentinel Logo
TrendAI Vision One vs Microsoft Sentinel
See all alternatives

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Security Orchestration Automation and Response (SOAR)
Microsoft Security Suite
AI-Powered Cybersecurity Platforms

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Microsoft Sentinel Logo
CrowdStrike Falcon vs Microsoft Sentinel
Microsoft Intune vs Microsoft Sentinel Logo
Microsoft Intune vs Microsoft Sentinel
Microsoft Defender for Endpoint vs Microsoft Sentinel Logo
Microsoft Defender for Endpoint vs Microsoft Sentinel
Cortex XDR by Palo Alto Networks vs Microsoft Sentinel Logo
Cortex XDR by Palo Alto Networks vs Microsoft Sentinel
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Splunk Enterprise Security vs Microsoft Sentinel Logo
Splunk Enterprise Security vs Microsoft Sentinel
Microsoft Entra ID vs Microsoft Sentinel Logo
Microsoft Entra ID vs Microsoft Sentinel
Microsoft Defender for Cloud vs Microsoft Sentinel Logo
Microsoft Defender for Cloud vs Microsoft Sentinel
Darktrace vs Microsoft Sentinel Logo
Darktrace vs Microsoft Sentinel
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Elastic Security vs Microsoft Sentinel Logo
Elastic Security vs Microsoft Sentinel
Cribl vs Microsoft Sentinel Logo
Cribl vs Microsoft Sentinel
Microsoft Defender XDR vs Microsoft Sentinel Logo
Microsoft Defender XDR vs Microsoft Sentinel
Microsoft Purview Data Governance vs Microsoft Sentinel Logo
Microsoft Purview Data Governance vs Microsoft Sentinel
TrendAI Vision One vs Microsoft Sentinel Logo
TrendAI Vision One vs Microsoft Sentinel
See all alternatives
Related questions
  • 62
What are your approaches on Azure Sentinel content deployment automation?
  • 107
Which is better - Azure Sentinel or AWS Security Hub?
  • 207
Which solution do you prefer: Microsoft Sentinel or Palo Alto Networks Cortex XSOAR?
  • 122
What is a better choice, Splunk or Azure Sentinel?
  • 182
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 161
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 136
What are the main differences between Nessus and Arcsight?
  • 156
What's The Best Way to Trial SIEM Solutions?
  • 158
Which is the best SIEM solution for a government organization?
  • 483
What is the difference between IT event correlation and aggregation?