Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Cloud Apps vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.7
Microsoft Defender for Cloud Apps increases ROI with enhanced security, cost efficiency, seamless integration, and proactive application monitoring.
Sentiment score
7.2
Microsoft Sentinel ROI is mixed; challenges exist, but benefits include automation savings, enhanced security, and reduced staffing needs.
The biggest return on investment so far has been visibility, knowing what we have in our environment.
As a small team, Microsoft Defender for Cloud Apps allowed us to manage systems with just one or two people.
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
Microsoft Azure was not fitting for short-term cost savings but promised a better ROI over three to five years for medium to large companies.
 

Customer Service

Sentiment score
7.2
Microsoft Defender for Cloud Apps support is knowledgeable but inconsistent, with delays and first-level engineers lacking problem-solving skills.
Sentiment score
6.7
Microsoft Sentinel's support is praised for quick response, with premium tiers offering expert help and strong community resources.
Their customer service is pretty good, but it's frustrating to go through three or four channels before reaching the right person.
The support is excellent, and the speed of response is commendable.
There were instances where the engineers were knowledgeable and helpful, but at other times it felt like a ping pong game, with unnecessary transfers until the right person was found.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
Working with a Sentinel engineer helped us tune settings effectively.
When my team needs to escalate issues to Microsoft, especially for Microsoft Sentinel, the response is fast through their French entity.
 

Scalability Issues

Sentiment score
8.0
Microsoft Defender for Cloud Apps offers excellent scalability and integration, enhancing security and interoperability in diverse corporate environments.
Sentiment score
8.0
Microsoft Sentinel's cloud scalability enables effortless resource management and meets large-scale needs, making it ideal for extensive monitoring.
For what I know about the log collector and how much data it can take in, it is super scalable and capable of handling high workloads.
Microsoft Defender for Cloud Apps is very scalable, provided you have the right subscription.
In my experience, Microsoft Defender for Cloud Apps is good enough for small to medium businesses.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
Being a SaaS solution, the scalability of Microsoft Sentinel is robust.
 

Stability Issues

Sentiment score
8.1
Microsoft Defender for Cloud Apps is praised for stability, reliability, minimal downtime, and user satisfaction despite rare external issues.
Sentiment score
7.8
Microsoft Sentinel is stable and reliable with 99.9%+ uptime; issues typically arise from external factors or misconfigurations.
I would rate it a ten because I have not experienced any stability issues so far with Defender for Cloud Apps.
Like any other Microsoft product, the uptime is good.
The current stability of Microsoft Defender for Cloud Apps is quite good.
So far, we have not experienced any issues, and it has been stable from the beginning.
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
 

Room For Improvement

Microsoft Defender for Cloud Apps requires better integration, user-friendliness, pricing, and improved features like reporting, support, and threat detection.
Users recommend improvements to multi-tenancy, log ingestion, interface intuitiveness, and integration, with concerns over pricing and AI enhancement.
For data loss prevention, it would be useful to be able to drill down into the kind of data being transferred over CloudApp.
A significant improvement I would like to see is the integration into a single pane of glass.
Specifically, integration with CASB for on-premise and cloud did not work as anticipated back in 2019.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing.
 

Setup Cost

Microsoft Defender for Cloud Apps is cost-effective and competitive due to integration with Microsoft 365, despite pricing concerns.
Microsoft Sentinel offers scalable, cost-effective pricing with discounts, especially beneficial for E5 users and high-volume data ingestion.
The pricing for Microsoft Defender for Cloud Apps is acceptable.
My organization is currently revisiting pricing, but previously, the cost was a bit expensive, yet comparable to other solutions with similar functionalities and features.
It's not the cheapest, but also not the most expensive, placing it in the mid-level range.
Microsoft Sentinel offers more capabilities than Bastion, with a more intuitive experience.
Setting up the right cost model for customers is intricate, requiring careful consideration of various components and licensing tiers.
We already had the necessary licensing for Sentinel, so we didn't need to spend extra money.
 

Valuable Features

Microsoft Defender for Cloud Apps offers seamless integration, real-time threat detection, and enhanced security monitoring across platforms and applications.
Microsoft Sentinel offers seamless integration, AI-driven threat detection, automated responses, and scalability for efficient, comprehensive security management.
The ability to sanction unsanctioned apps using Secure Score benchmarking, included in Cloud, is also beneficial.
Microsoft Defender for Cloud Apps is very comprehensive, providing a complete 360-degree view of applications within an organization.
The most valuable features of Microsoft Defender for Cloud Apps include live, up-to-date information, which provided real-time alerts.
Custom workbooks are valuable. It is one of the crucial points in dealing with potential security threats in an automated way without requiring too much manpower.
The best feature of Microsoft Sentinel is its ability to unify all dashboards or functions into one modern SecOps dashboard.
The most valuable features for us include threat collection, threat detection, response, and the knowledge base for investigation.
 

Categories and Ranking

Microsoft Defender for Clou...
Ranking in Microsoft Security Suite
13th
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
37
Ranking in other categories
Cloud Access Security Brokers (CASB) (5th), Advanced Threat Protection (ATP) (12th)
Microsoft Sentinel
Ranking in Microsoft Security Suite
6th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
91
Ranking in other categories
Security Information and Event Management (SIEM) (3rd), Security Orchestration Automation and Response (SOAR) (1st), AI-Powered Cybersecurity Platforms (5th)
 

Mindshare comparison

As of April 2025, in the Microsoft Security Suite category, the mindshare of Microsoft Defender for Cloud Apps is 2.8%, up from 1.9% compared to the previous year. The mindshare of Microsoft Sentinel is 5.2%, down from 6.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Microsoft Security Suite
 

Featured Reviews

Jagadeesh Gunasekaran - PeerSpot reviewer
Saves us time, has good visibility, and a single dashboard
The solution is user-friendly and provides great visibility into threats. There are easy options available for specific workflow inspections. We can also get support by going through the Microsoft documentation, which is straightforward. Microsoft Defender for Cloud Apps helps us prioritize threats across our enterprise. It covers us from a compliance perspective and protects our organization's data. Data protection is a very important aspect of any new organization, as we need to protect our data from both external attacks and insider threats. Microsoft Defender for Cloud Apps helps us monitor for abnormal activity by insiders, which is one of the most important access points for attackers today. Additionally, the different cloud apps that Defender for Cloud Apps supports provide us with much more visibility into potential threats and activities on the internet. We have integrated Microsoft Defender for Cloud Apps alerts with Sentinel. The integration is straightforward. We can find the configuration details on Microsoft's official documentation website. If we are familiar with how Microsoft products work, we will be able to follow the instructions clearly. Microsoft Defender for Cloud Apps and Sentinel work natively together to deliver coordinated detection and response across our environment. Our integrated Microsoft solutions provide comprehensive threat protection, covering most of the tactics and techniques relevant to the MITRE ATT&CK framework. Sentinel allows us to ingest data from our entire ecosystem. When implementing an SIEM solution, there are always prerequisites such as Active Directory logs, security logs, firewall logs, and DNS logs. These are important logs that need to be ingested into the environment. Sentinel has many third-party connectors available that make integrations straightforward. Microsoft provides the configuration details in the Sentinel platform. It is important to integrate all relevant log sources into the SIEM solution so that we can detect and be alerted to any type of threat factor, whether it is from an internal or external source. Integrating third-party solutions into the platform requires a separate configuration, but Microsoft provides the necessary information. However, we need to have the appropriate permissions to execute these setups. Sentinel provides a centralized dashboard that covers threat management and configuration. It gives us complete insight into what entities are accessing, as well as full details for investigation. We can see how the alerts and threats are relevant to suspicious activities, whether they are related to malicious IP addresses, suspicious ASHAs, or any other indicators of compromise. All of this relevant data can be seen in a single pane. Recently, Microsoft introduced a new investigation experience in a single pane. This means that we can now get a lot of details in a single pane, without having to go there and execute a query. There are a lot of new insights being developed in the Sentinel platform these days. It has software intelligence. They recently introduced Microsoft Defender Threat Intelligence, which covers almost all IOCs. This protects organizational assets from threats and suspicious traffic associated with IOCs. If a match is found, alerts are generated. This is a very interesting feature. Another great feature is automation and logic apps. We can create a number of operations, such as posting in a team's channel if a severe incident occurs or sending an email notification. There are many operations available, so we can automate a lot of tasks. Microsoft Defender for Cloud Apps helps us stay compliant. It has predefined mechanisms in place to prevent attacks. For example, if an external user tries to access our SharePoint folders or files, an attack will be blocked. This is why it is important to give appropriate access to guest users. Microsoft Defender for Cloud Apps has many features and benefits. It provides a number of policies that can be configured to meet the specific needs of our security team. These policies can be used to customize cloud applications so that only authorized users can access them and perform operations that benefit the organization. In terms of safety and security, Microsoft Defender for Cloud Apps is top-notch. Using the solution's automation features, we can suppress false positive alerts. We can also close alerts, lower their severity from "high" to "low" or "informational," or close them immediately with the appropriate commands. This will depend on the configuration automation rule and the perspective from which we are testing. Microsoft Defender for Cloud Apps provides a single console. We are also provided with Microsoft templates to enable workbooks instantly. Alternatively, we can build our own customized workbooks to provide better insights and improve our SOC efficiency and overall performance. Consolidating all of our security data into one dashboard has saved our security operations team a significant amount of time. From an analyst's perspective, it is now much easier to correlate events, investigate alerts, and visualize specific entities. For example, an analyst can quickly see all of the alerts associated with a particular IP address, or they can view all of the activity for a specific entity over the past 24 hours or 7 days. This level of detail and insight would not be possible if our data were siloed in multiple dashboards. The single dashboard saves our operations approximately 20 hours per week by eliminating the need to access multiple consoles and tabs. Microsoft Defender for Cloud Apps threat intelligence can help us prepare for potential threats before they happen. However, it depends on how we develop the policies for the database to block or ignore things in our environment.
KrishnanKartik - PeerSpot reviewer
Every rule enriched at triggering stage, easing the job of SOC analyst
It's a Big Data security analytics platform. Among the unique features is the fact that it has built-in UEBA and analytical capabilities. It allows you to use the out-of-the-box machine learning and AI capabilities, but it also allows you to bring your own AI/ML, by bringing in your own IPs and allowing the platform to accept them and run that on top of it. In addition, the SOAR component is a pay-per-use model. Compared to any other product, where customization is not available, you can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today. Other vendors charge heavily for the SOAR, but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer. The SOAR engine also uniquely helps us to automate most of the incidents with automated enrichment and that cuts out the L1 analyst work. And combining M365 with Sentinel, if you want to call it integration, takes just a few clicks: "next, next finish." If it is all M365-native, it is a maximum of three or four steps and you'll be able to ingest all the logs into Sentinel. That is true even with AWS or GCP because most of the connectors are already available out-of-the-box. You just click, put in your subscription details, include your IAM, and you are finished. Within five to six steps, you can integrate AWS workloads and the logs can be ingested into Sentinel. When it comes to a third party specifically, such as log sources in a data center or on-premises, we need a log collector so that the logs can be forwarded to the Sentinel platform. And when it comes to servers or something where there is an agent for Windows or Linux, the agent can collect the logs and ship them to the Sentinel platform. I don't see any difficulties in integrating any of the log sources, even to the extent of collecting IoT log sources. Microsoft Defender for Cloud has multiple components such as Defender for Servers, Defender for PaaS, and Defender for databases. For customers in Azure, there are a lot of use cases specific to protecting workloads and PaaS and SaaS in Azure and beyond Azure, if a customer also has on-premises locations. There is EDR for Windows and Linux servers, and it even protects different kinds of containers. With Defender for Cloud, all these sources can be seamlessly integrated and you can then track the security incidents in Microsoft's XDR platform. That means you have one more workspace, under Azure, not Defender for Cloud, where you can see the security incidents. In addition, it can be integrated with Sentinel for EDR deep-dive analytics. It can also protect workloads in AWS. We have customers for whom we are protecting their AWS workloads. Even EKS, Elastic Kubernetes Service, on AWS can be integrated, as can the GKE (Google Kubernetes Engine). And with Defender for Cloud, security alert ingestion is free
report
Use our free recommendation engine to learn which Microsoft Security Suite solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
12%
Manufacturing Company
8%
Government
7%
Computer Software Company
16%
Financial Services Firm
11%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better security solution - Cisco Umbrella or Microsoft Cloud App Security?
Cisco Umbrella is an integral component of the Cisco SASE architecture. It integrates security in a single, cloud-native solution, unifying multiple features like DNS-layer security, threat intelli...
What do you like most about Microsoft Cloud App Security?
It does a great job of monitoring and maintaining a security baseline. For us, that is a key element. The notifications are pretty good.
What is your experience regarding pricing and costs for Microsoft Cloud App Security?
The pricing for Microsoft Defender for Cloud Apps is acceptable. If a product is of high quality, it justifies the expense.
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

MS Cloud App Security, Microsoft Cloud App Security
Azure Sentinel
 

Overview

 

Sample Customers

Customers for Microsoft Defender for Cloud Apps include Accenture, St. Luke’s University Health Network, Ansell, and Nakilat.
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about Microsoft Defender for Cloud Apps vs. Microsoft Sentinel and other solutions. Updated: March 2025.
849,190 professionals have used our research since 2012.