
Microsoft Defender Threat Intelligence vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

 

Categories and Ranking

Microsoft Defender Threat I...
Ranking in Microsoft Security Suite: 16th
Average Rating: 8.4
Reviews Sentiment: 7.4
Number of Reviews: 30
Ranking in other categories: Advanced Threat Protection (ATP) (11th), Threat Intelligence Platforms (4th)

Microsoft Sentinel
Ranking in Microsoft Security Suite: 5th
Average Rating: 8.2
Reviews Sentiment: 7.1
Number of Reviews: 89
Ranking in other categories: Security Information and Event Management (SIEM) (3rd), Security Orchestration Automation and Response (SOAR) (1st), AI-Powered Cybersecurity Platforms (5th)
 

Mindshare comparison

As of December 2024, in the Microsoft Security Suite category, the mindshare of Microsoft Defender Threat Intelligence is 0.4%, down from 0.6% the previous year. The mindshare of Microsoft Sentinel is 5.4%, down from 6.5% the previous year. Mindshare is calculated from PeerSpot user engagement data.
 

Featured Reviews

Renju Varghese - PeerSpot reviewer
Blocks incoming threats on the local PC or any cloud-based threats
We have an available agent running on our PCs that sends us notifications. We have a team that looks through the console, identifies the threats, and determines what needs to be done. The solution enables us to be on top of any upcoming threats. The solution also helps us to be proactive before threats impact several users. Microsoft Defender Threat Intelligence is deployed on the cloud in our organization. I would recommend the solution to other users. They should evaluate other products before choosing Microsoft Defender Threat Intelligence. The solution is good, but there are better products than Microsoft Defender Threat Intelligence. I rate the solution between seven and eight out of ten for its accuracy and the timeline of the threat intelligence data provided by the solution. The main benefit of using the solution is that it works well with a lot of other Microsoft products we are using. Overall, I rate the solution a seven or eight out of ten.
Nitin Arora - PeerSpot reviewer
Gives us one place to investigate and respond to threats, and automation eliminates manual work
They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I rate the tool's stability a ten out of ten."
"The product's anti-spam and malware-scanning features are useful. We scan email attachments, documents, and malicious codes."
"The most valuable feature of the solution stems from the insight it provides."
"The technical support services are excellent."
"The product is useful when the end user downloads malware files."
"Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations."
"Microsoft's integration into the security stack works quite well."
"The solution blocks incoming threats on the local PC or any cloud-based threats."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The automation feature is valuable."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"Sentinel pricing is good."
"We feel safe knowing that we have a solution that we can use to react in case of an emergency."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
 

Cons

"I would like to see more frequent updates, which is always better for security because of daily threats."
"The price point is something they can improve slightly for those who don't have an M 365 E5."
"Microsoft Defender Threat Intelligence is evolving and needs to fix and enhance numerous issues like stability and licensing. The continuous rebranding and licensing changes are confusing."
"One area that can be improved is reducing false positives."
"The software is expensive."
"I would like to see more AI features and capabilities."
"Non-Microsoft products may not integrate as smoothly."
"While the current setup meets our needs, Microsoft can constantly improve customization and adaptability to rapidly evolving cybersecurity threats."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The only thing is sometimes you can have a false positive."
"There is room for improvement in terms of integrations."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"I would like to see more AI used in processes."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
 

Pricing and Cost Advice

"They offer two license plans: Microsoft Defender for endpoints and Microsoft Defender for businesses."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a six or seven out of ten."
"The pricing of the solution is good."
"It's reasonably priced, though there's room for further improvement."
"The solution can be licensed, but most users would already have it in their Office 365 license."
"I rate the product's price a six or seven on a scale of one to ten, where one is expensive, and ten is cheap."
"The product’s pricing is worth it."
"There is a need to make yearly payments towards the licensing charges attached to the product."
"Microsoft Sentinel requires an E5 license."
"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."
"From a cost point of view, it is not a cheap product. It's, like, an enterprise-level application. So if you compare it with a low-level application, it's expensive, but if you compare it with the same-level application, it's pretty much cost-effective, I think."
"Sentinel's price is comparable to pretty much everything out there. None of it is cheap, but we didn't think we could save money by going a different route. Sentinel was part of our Azure expenditures, so it was easier to add the expense instead of having a completely separate vendor."
"Sentinel can be expensive. When you ingest data from sources that are outside of the cloud, you're paying a fair amount for that data ingestion. When you're ingesting data sources from within the cloud, depending on what your retention periods are, it's not that expensive."
"In comparison to other security solutions, Microsoft Sentinel offers a reasonable price for the features included."
"I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."
"Currently, given our use case, the cost of Sentinel is justified, but it is expensive."
824,067 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 18%
Financial Services Firm: 11%
Educational Organization: 10%
Government: 9%

Computer Software Company: 16%
Financial Services Firm: 10%
Government: 8%
Manufacturing Company: 8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Microsoft Defender Threat Intelligence?
It just runs in the background. I don't have to worry about making sure it's Intelligence. So, you know, this kind of makes it very easy, have to worry about installing. It is easy to use.
What needs improvement with Microsoft Defender Threat Intelligence?
There are weaknesses, and Microsoft is working on addressing them. Over the past three to four years, the ATP and other components have improved significantly, and the integration has also advanced...
What is your primary use case for Microsoft Defender Threat Intelligence?
The product helps us monitor business devices for authentication and response on all endpoints, servers, passwords, and plans.
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

No data available
Azure Sentinel
 


Sample Customers

Information Not Available
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about Microsoft Defender Threat Intelligence vs. Microsoft Sentinel and other solutions. Updated: October 2024.