We performed a comparison between Microsoft Defender for Endpoint and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft Defender for Endpoint has been secure and there is zero maintenance required because it updates with Microsoft Windows."
"I like Defender's reporting and logging features. The email alerts are also helpful. It's hard sometimes to sift through the email, especially if you're an IT firm managing hundreds if not thousands of endpoints, but we find email reporting useful. For example, last Tuesday, we learned of new vulnerabilities that were discovered as a result of the previous patches. The endpoints without those patches triggered alerts in Defender."
"It's an enterprise solution that provides a centralized console and it supports all the platforms that we use, including Windows, Linux, Mac, iOS, and Android."
"The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN."
"The antivirus is the most valuable feature."
"We are able to productively integrate with existing on-prem, hybrid, or cloud applications."
"The solution has good performance, I have not seen a problem."
"The solution's latest features for threat analysis are updated to provide us with future protection against the latest threats worldwide."
"The analytic rule is the most valuable feature."
"The UI-based analytics are excellent."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"It has basic out-of-the-box integrations with multiple log sources."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"We'd like the stability to be better."
"If you have multi-cloud like Google and AWS, the native solutions are better for those particular cases."
"We need better support to learn about the product. Documentation is available, but we need some kind of training program so that we can get a better understanding of the product."
"The reporting in Microsoft Defender for Endpoint should improve. The solution has limited features."
"In terms of improvement, they update the platform it seems quite a bit. Every month something is in a new spot or something changed somewhere. There should be less of that."
"The product development team makes frequent changes that affect the stability of the solution."
"The file scanning has room for improvement. Many people use macros within their files, so there should be a mechanism that helps us to scan them for malicious payloads."
"Microsoft Defender for Endpoint is not as robust, and you cannot customize it much, so that's a challenge."
"We'd like also a better ticketing system, which is older."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The AI capabilities must be improved."
"The troubleshooting has room for improvement."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The solution could improve the playbooks."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 5th in Microsoft Security Suite with 182 reviews while Microsoft Sentinel is ranked 6th in Microsoft Security Suite with 85 reviews. Microsoft Defender for Endpoint is rated 8.0, while Microsoft Sentinel is rated 8.2. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Cortex XDR by Palo Alto Networks, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and ServiceNow Security Operations. See our Microsoft Defender for Endpoint vs. Microsoft Sentinel report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.