Pros & Cons summary

Prominent pros & cons

PROS

Microsoft Sentinel offers seamless integration with other Microsoft products, enhancing security capabilities and providing a unified set of tools for detecting, investigating, and responding to incidents.
Its automation and threat intelligence features significantly reduce human workload, making threat management more efficient and less stressful.
The cost-effectiveness of Microsoft Sentinel allows organizations to access a robust security analytics platform without large upfront expenses, making it accessible to a wider range of customers.
Microsoft Sentinel's machine learning and AI capabilities provide advanced threat detection and analysis, improving security posture with minimal manual intervention.
The ability to correlate data from various sources enhances threat detection, offering proactive security measures and faster response to incidents.

CONS

Azure Sentinel faces challenges with integration and compatibility with third-party tools and non-Microsoft products.
The playbook development environment in Azure Sentinel is not as rich or user-friendly as required, making the creation and implementation process cumbersome.
Azure Sentinel's cost structure, based on data ingestion, is perceived as high, prompting concerns regarding its affordability compared to other traditional SIEM solutions.
There are issues with delays in data ingestion and false positives, leading to inefficiencies and potential misinterpretations of threat alerts.
Documentation and training for Azure Sentinel, particularly regarding Kusto Query Language (KQL), are perceived as inadequate, with a significant learning curve for users unfamiliar with the system.
 

Microsoft Sentinel Pros review quotes

MD
CEO at Danastar Professional Services, LLC
Jan 23, 2021
We have no complaints about the features or functionality.
reviewer1404306 - PeerSpot reviewer
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Feb 12, 2021
The pricing of the product is excellent.
reviewer1342566 - PeerSpot reviewer
System Engineer at a tech vendor with 5,001-10,000 employees
Feb 24, 2021
In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store.
reviewer1537419 - PeerSpot reviewer
Domain Architect at a government with 5,001-10,000 employees
Apr 12, 2021
Free ingestion for Azure logs (with E5 licence)
SI
Principal Cloud Architect at Viria Security Oy
Jun 3, 2021
The UI-based analytics are excellent.
it_user1604991 - PeerSpot reviewer
Senior Microsoft 365 Consultant at The Collective Consulting
Jul 12, 2021
Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents.
reviewer1655235 - PeerSpot reviewer
Director - Technology Risk & Cyber at a financial services firm with 10,001+ employees
Aug 23, 2021
It is quite efficient. It helps our clients in identifying their security issues and responding quickly. Our clients want to automate incident response and all those things.
it_user1691883 - PeerSpot reviewer
Information Security Lead at Enerjisa Üretim
Oct 12, 2021
It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us.
SM
Lead Azure Sentinel Architect at a financial services firm with 10,001+ employees
Oct 14, 2021
The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance.
reviewer1681203 - PeerSpot reviewer
Sr. Microsoft Solutions Specialist at a tech vendor with 1,001-5,000 employees
Oct 15, 2021
One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service.
 

Microsoft Sentinel Cons review quotes

MD
CEO at Danastar Professional Services, LLC
Jan 23, 2021
I would like to be able to monitor applications outside of the Azure Cloud.
reviewer1404306 - PeerSpot reviewer
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Feb 12, 2021
The interface could be more user-friendly. It's a small improvement that they could make if they wanted to.
reviewer1342566 - PeerSpot reviewer
System Engineer at a tech vendor with 5,001-10,000 employees
Feb 24, 2021
They could use some kind of workbook. There is some limitation doing the editing and creating the workbook.
reviewer1537419 - PeerSpot reviewer
Domain Architect at a government with 5,001-10,000 employees
Apr 12, 2021
They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization.
SI
Principal Cloud Architect at Viria Security Oy
Jun 3, 2021
The on-prem log sources still require a lot of development.
it_user1604991 - PeerSpot reviewer
Senior Microsoft 365 Consultant at The Collective Consulting
Jul 12, 2021
The solution should allow for a streamlined CI/CD procedure.
reviewer1655235 - PeerSpot reviewer
Director - Technology Risk & Cyber at a financial services firm with 10,001+ employees
Aug 23, 2021
Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification.
it_user1691883 - PeerSpot reviewer
Information Security Lead at Enerjisa Üretim
Oct 12, 2021
They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on QRadar. We couldn't do it with Sentinel, which is a problem for us.
SM
Lead Azure Sentinel Architect at a financial services firm with 10,001+ employees
Oct 14, 2021
If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies.
reviewer1681203 - PeerSpot reviewer
Sr. Microsoft Solutions Specialist at a tech vendor with 1,001-5,000 employees
Oct 15, 2021
I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used.