CS engineer at AYACOM
Comes with the SOAR capability, integrates with Azure AD and other Microsoft solutions, and is easy to deploy
Pros and Cons
- "The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
- "It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
What is our primary use case?
We are using mixed solutions. We are currently working with IBM solutions and Azure system services. We are using two SIEM solutions: Azure Sentinel and QRadar. Azure Sentinel is covering our cloud-based solutions, and QRadar is covering our on-premise solutions.
What is most valuable?
The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found.
It integrates with Azure AD, Power BI, and other Microsoft solutions. It is very good in our view.
What needs improvement?
It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools.
It can be expensive for customers. Currently, we are not using Sentinel to collect logs from on-premise devices. The main reason for that is the budget because you need to pay for the internet traffic. You also need to calculate how much you can upload to the Azure site.
For how long have I used the solution?
I have been using this solution for one year.
Buyer's Guide
Microsoft Sentinel
April 2025

Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is stable, but it is also related to your country. I'm working in Kazakhstan, and sometimes, we have some problems with the internet connection at the government level. Sometimes, for some reason, which could also be political, they disable the internet connection, and we lose the connection to the Azure environment. It might be good for our country to have a private link to the Azure cloud environment to avoid such cases.
How are customer service and support?
We have a lot of Microsoft partners who are helping us. Therefore, support is not a problem for us.
Which solution did I use previously and why did I switch?
We have QRadar for our on-premise solutions. QRadar has a lot of connectors out of the box. It has a lot of predefined and pre-deployed connectors that you can use.
QRadar also has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want.
QRadar supports using SQL queries. Sentinel uses KQL, but you need to learn it from scratch.
QRadar doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar.
How was the initial setup?
It was easy.
What about the implementation team?
We had some introduction to the system from a Microsoft Partner, but most of the analytics and playbooks were created by us.
What's my experience with pricing, setup cost, and licensing?
For us, it is not expensive at this time, but if we start to collect all logs from our on-premise SIEM solutions, it will cost more than QRadar. If we calculate its cost over the next five or ten years, it will cost more than what we paid for QRadar.
What other advice do I have?
Microsoft is proposing an identity management solution for Azure Active Directory systems and the Azure Cloud system, but we need an on-premise solution that can help us achieve the same with, for example, IBM. I know that Microsoft has a cloud-based solution, and previously, Microsoft provided an on-premise solution, but it is deprecated or no longer supported. It will be good to have such a service on-premises.
I would rate it an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner

Director - Technology Risk & Cyber at a financial services firm with 10,001+ employees
Efficient and helpful for identifying security issues and responding quickly, but lacks simple documentation and specific training
Pros and Cons
- "It is quite efficient. It helps our clients in identifying their security issues and responding quickly. Our clients want to automate incident response and all those things."
- "Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
What is our primary use case?
We internally do not use this solution. We provide advisory for Azure Sentinel because we are Microsoft's partner.
Our clients use it for Security Operations Centers. Some of the clients wish to build a Security Operation Center. They want to perform threat analysis and see that the environment is secure and monitor it. That's why we deploy SIEM solutions.
In terms of deployment, what we see here in Asia, specifically in Malaysia, are hybrid and public cloud deployments.
How has it helped my organization?
It helps our clients in enhancing their security.
What is most valuable?
It is quite efficient. It helps our clients in identifying their security issues and responding quickly. Our clients want to automate incident response and all those things.
What needs improvement?
Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification.
For how long have I used the solution?
It has been almost three years.
What do I think about the stability of the solution?
It is stable. Those who have adopted it are okay with it.
What do I think about the scalability of the solution?
It is a cloud solution, so it is scalable.
How are customer service and support?
Most of us know how Microsoft operates. They are quite good at that.
How was the initial setup?
Its setup is of moderate complexity for me, but I have heard it is complex for others because of the query language and other things.
There is documentation, but I don't think Microsoft is providing a central point where everything is documented. In fact, there is no specific training or certification. There is Microsoft Secure training, but it is not so dedicated. All these things make it moderate.
What's my experience with pricing, setup cost, and licensing?
I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration.
What other advice do I have?
We see that a lot of clients are trying to explore more apart from Azure. Some of the clients are interested in Splunk. Some of the clients are interested in seeing what's available from AWS. This year is quite different in Malaysia because the government has opened up the adoption of public cloud in all sectors, especially in the financial sector. So, we are seeing new requirements coming up.
I would rate Azure Sentinel a seven out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
System Engineer at Metsys
Enables us to protect the entire environment because it's based on machine learning
Pros and Cons
- "The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
What is our primary use case?
We use it to protect our Office 365 environment. We can also deploy it for the entire infrastructure, including on-premises, firewalls, and also users' devices.
I'm a partner with many customers using Sentinel. Some are small companies, but I also have many banks that have implemented the solution.
How has it helped my organization?
It has helped to improve security posture because it's based on machine learning. You can protect the whole environment. While other solutions are based on rules, and you have to put rules in place to protect things, Sentinel is smarter because of the machine learning.
For example, one of my customers is a bank that was attacked by ransomware. They were using Symantec and it could not detect the attack. When we put in Sentinel, within 15 minutes it detected the malware and stopped the attack.
What is most valuable?
The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware.
For how long have I used the solution?
I have been using Microsoft Sentinel for one and a half years.
What do I think about the stability of the solution?
It's a stable solution.
What do I think about the scalability of the solution?
It's a cloud solution so Microsoft handles the scaling. We haven't had a problem with performance because Microsoft is in charge. It's done automatically.
How are customer service and support?
It's definitely the best technical support. When you open a new ticket, you get a response within a maximum of one hour. You can open a case with Microsoft 24/7.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used QRadar. I switched because QRadar is not smart and there was too much manual work.
How was the initial setup?
It's easy to implement and not very hard to put it into production.
The deployment time depends on the customer's needs. It can be deployed in one hour. But if they have many end users and many servers, it can take one week. After that, you have to wait for the machine learning to learn the environment and start the detection.
The implementation strategy also depends on the environment. If it is an Office 365 environment, we can start by protecting email, the shares, and the docs. After that, we can move to the end-user machines. But it depends on the project.
Deployment and maintenance require a maximum of three people. One would be an admin, one would be a security leader to maintain the solution, and the third would be a project manager. It also depends on the project, but in general, there will be two or three people involved.
What's my experience with pricing, setup cost, and licensing?
It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation.
Something that could be improved is the documentation of the cost because there is none. All the other features are documented, but the pricing is not very clear.
The Office 365 connectors to Sentinel are free, as is the support.
Which other solutions did I evaluate?
Sentinel is generally the last option we go with because of the cost. Customers have their solutions but they contact us and say, "Okay, we have our solution but it's not smart. Can we move to Sentinel?"
What other advice do I have?
I recommend implementing Sentinel because it's certainly the most powerful SIEM tool. It detects all malware based on the behavior of many things, including the files and anomalies. It detects things automatically.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SOC Principal Architect at Tieto Estonia
Good online documentation, and easy to install, but the price could be lower
Pros and Cons
- "What is most useful is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
- "Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
What is our primary use case?
We use Microsoft Sentinel for providing managed services and for security use cases, which include detecting anomalies or security events and collecting security events from various data sources.
What is most valuable?
What is most useful is that it has a good connection to the Microsoft ecosystem, and I think that's the key part. If you are running the Microsoft ecosystem, meaning you are running Azure and Microsoft 365 and have all of the security providers in that environment, for example, the E5 license, then Sentinel can easily collect those events and handle them within the same Azure environment. That, I believe, is the key point here.
What needs improvement?
Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider.
It's a fairly mature product now.
Pricing could also improve; it's a bit expensive.
For how long have I used the solution?
I have been working with Microsoft Sentinel for approximately two years.
There are private tenants, but it is deployed in a public cloud.
What do I think about the stability of the solution?
Microsoft Sentinel is a stable solution.
What do I think about the scalability of the solution?
Microsoft Sentinel is scalable. As it is in the cloud, you simply pay more. It's expensive, but it's very easy to scale.
How are customer service and support?
We haven't used Microsoft's technical support. We rely on the online knowledge base. Essentially, the entire internet is based on the information they have. As a result, we have never contacted technical support. It hasn't been required. I suppose it's fine. We didn't use technical support in that sense. I would say that it's good.
Which solution did I use previously and why did I switch?
I am familiar with SIEM.
We run several CM systems as well as a security operation center.
I have worked with Microsoft, IBM, and McAfee. McAfee has an older CM, and we use Elastic as well.
How was the initial setup?
Within the same cloud environment, it is very simple to set up and begin collecting data.
What's my experience with pricing, setup cost, and licensing?
Microsoft Sentinel is expensive.
What other advice do I have?
If you have the funds, I would recommend it. I think the pricing is important; it's quite expensive, but if you have that, I think I would recommend it. The advice is to think carefully about what data you send to the platform because it is costly. The price is data-driven, so make sure you know how much data you will send and that you only send what is required. That, I believe, is the key point.
We are Microsoft partners.
I would rate Microsoft Sentinel a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Security Analyst at SecureOps
Has a fast log query feature and can detect what type of attack is occurring
Pros and Cons
- "The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queries from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
- "If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
What is our primary use case?
We actually use it for querying logs and checking log systems that we have downloaded from other devices to see if there are any issues. For example, if we get an alert, then we triage it and query the logs and the devices that we're looking for.
How has it helped my organization?
Microsoft Sentinel has greatly increased our security. We can quickly complete our investigation by using Sentinel and get to the results and escalation points.
What is most valuable?
The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queries from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases.
Microsoft Sentinel is able to figure out what type of attack is occurring. It will tell you whether it is a DDoS attack, whether someone's trying to scam the site, or if someone is doing a brute force attack. That is, Microsoft Sentinel will actually tell you what it is based on the type of activities it's seeing on the web server. It's a smart tool.
If I'm typing queries, it knows what I'm looking for.
What needs improvement?
If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have.
For how long have I used the solution?
I just started using Microsoft Sentinel and have used it for two months.
What do I think about the stability of the solution?
As for availability, I haven't seen any downtime or any issues with the services yet. The stability looks like it's 99.9% and is great.
What do I think about the scalability of the solution?
I believe that Sentinel is good at scaling up their database or services. We are a large company with big data and have thousands of users.
Which solution did I use previously and why did I switch?
I have used Splunk, which has similar log type of queries. I feel that Sentinel is smarter. It is able to detect what type of attacks are occurring, unlike Splunk, which is just a query log tool.
There's Elastic ELK, which is similar to Splunk, but it isn't a smart tool like Sentinel is.
Sentinel is at the top of the tools that I've used so far in terms of smart tools.
What's my experience with pricing, setup cost, and licensing?
Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect.
What other advice do I have?
If you're using the cloud and Azure, I would really recommend Sentinel as it will keep making sure that the devices that you have in your environment are safe. Sentinel is very smart at detecting what type of attack is occurring and is actually able to detect and tell us the type of hash file. It is able to go on the internet, look at VirusTotal, and see if this is a virus, scam, or phishing. I like how it's able to detect it and how we can make it learn what type of spam or email issue query it is. So, it's a very adaptive type of tool.
I would rate Microsoft Sentinel at ten on a scale from one to ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. Microsoft Solutions Specialist at a tech vendor with 1,001-5,000 employees
A great service that provides an additional layer of protection and security for all on-prem and on-cloud data points
Pros and Cons
- "One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
- "I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
What is our primary use case?
Our clients use it for just an overall health check and security check for their deployments, whether it's on-prem or in Azure. Azure Sentinel basically collects the data from any kind of endpoint or server that is enrolled in the service, irrespective of whether they are on-prem or in the cloud. It can be laptops, servers, or virtual machines. It is a cloud solution, but it does extend to on-prem deployment.
I have been using the most up-to-date version.
What is most valuable?
One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service.
What needs improvement?
I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used.
For how long have I used the solution?
I have been using Azure Sentinel since it came out, so it has been at least a couple of years.
What do I think about the stability of the solution?
It is very stable. It has been around for a while, and it is a Microsoft product. So, it is pretty secure and pretty stable.
What do I think about the scalability of the solution?
Like all Azure services, it is definitely very scalable. You can very easily and very quickly enroll devices and other data points into Azure.
How are customer service and support?
Microsoft tech support is pretty good when it comes to Azure. It is really easy to open a ticket because you can do that right through the Azure portal. In addition, my company and other companies that kind of resell Azure services, oftentimes have our own help desk included with the consumption of Azure services. So, we have a 24/7 help desk that works on top of that. There are many managed services partners, like my company, that provide additional services in tech support on top of what Microsoft already has.
How was the initial setup?
It is very straightforward.
What's my experience with pricing, setup cost, and licensing?
It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics.
What other advice do I have?
For any customers who are either looking at Azure or already have Azure or Microsoft 365, this is a great service to look at because it does provide an additional layer of protection and security for all of their data points, whether they are on-prem or in the cloud.
I would rate Azure Sentinel a nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Technical Lead at a manufacturing company with 10,001+ employees
Powerful, with great performance and a seamless user experience
Pros and Cons
- "It's pretty powerful and its performance is pretty good."
- "If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
What is our primary use case?
We primarily use many Microsoft products, including Microsoft 365 with a focus on the security aspect. We have Defender for endpoints and Defender for servers. We also use Azure Sentinel with these.
How has it helped my organization?
This product has improved the way our organization functions. I won't be able to provide exact metrics as I don't directly work with metrics, however, from an improvement perspective, it is just a more streamlined deployment.
We also use Intune as part of the MDM. If there are any agents that need to be deployed, then we can use that or we can just configure Windows from MDM directly. A lot of things can be just set up out-of-the-box and are ready to go and it sends logs right to Azure Sentinel. Therefore, while I don't have hard numbers, it's definitely made deployments easier and is much less time-intensive for our organization.
What is most valuable?
Coming from other SIEM solutions, Sentinel seems to be pretty good.
It's pretty powerful and its performance is good.
The most powerful aspect is the whole integration with the Microsoft ecosystem. If you have the Microsoft 365 subscription, E5, then it integrates pretty seamlessly with everything you're trying to do.
You obviously have connectors with other third-party, non-Microsoft stuff as well. They have pretty good integration with those.
Azure Sentinel has a lot of built-in analytics rules, that help us get started in terms of triggering anomalous activity. In terms of performance, they're pretty fast. I've used QRadar and Splunk. Compared to Azure Sentinel those are pretty slow. Some searches in Sentinel are pretty instantaneous. For bigger searches, it's a very noticeable and impressive turnaround.
There are a lot of features that I don't touch just because I'm in the SOC. That said, I know customers have deployed different items that are quite useful.
The end-user experience is good. It's just pretty seamless. When I was onboarded, it was just a simple download and then a sign-in to my account. It'll basically configure everything for you and download the necessary stuff that the company has defined - including Defender, et cetera.
What needs improvement?
Microsoft needs to stop renaming their stuff. A lot of their products are very confusing due to the names they choose. The first time I heard of Defender I assumed it's just their antivirus, anti-malware, or a package that covers those things. However, there's Defender, Windows Defender, and then there's Defender for Endpoint, and there's also Defender for servers, et cetera. That really needs to be streamlined. As far as Defender's concerned, they want just a protective device. The differences are confusing.
Maybe it's a transitional choice, however, they've been doing a lot of migrations to a new portal in the security center or office privacy center. There's a bunch of portals where some things are repeated or duplicated. You have the same features in the portals, yet, in some cases, there are some things that you have to go to one portal and not the other, as it hasn't been migrated or the feature is just not there.
If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement.
For how long have I used the solution?
I've been using the solution for one year.
What do I think about the stability of the solution?
The stability is pretty good. However, there is one flaw. We did have an issue where Microsoft had some issues with some components that caused issues with their cloud. It might have been an authentication issue or something like that, however, it basically took down everything. We weren't able to work. While integration is good if something comes from one vendor and if that vendor goes down, then everyone is pretty unhappy.
What do I think about the scalability of the solution?
While at my previous organization we had about 50 or 60 users, as a small company, we had customers that could have users in the thousands.
I didn't notice any scalability issues, and therefore I assume it's quite good. With respect to Azure Sentinel, I've never had an issue.
As far as I know, we're using pretty much everything that Microsoft has from a security perspective. I don't know how we can expand anymore.
How are customer service and support?
I've never had to call technical support or reach out to technical support, therefore, I can't speak to how they operate.
Which solution did I use previously and why did I switch?
I've previously used SentinelOne for endpoints and antimalware, et cetera, and Splunk for the SIEM.
How was the initial setup?
I was specifically working in SOC; I was more responsible for the day-to-day operations. Unfortunately, I cannot speak to the deployment so much. I would not have information on the implementation strategy, for example.
What about the implementation team?
We handled the deployment internally.
What's my experience with pricing, setup cost, and licensing?
I was in the SOC. I don't deal directly with that pricing. They do have multiple licensing levels. It's just about knowing what you need. One good thing about Microsoft is that they do have quite a few options depending on your needs. That said, sometimes it could be hard to pick because there are so many.
As an organization, you need to understand the company's needs. For example, if you don't have a security team to look at your alerts or to set up all the stuff, then you probably don't need some of their most expensive services. You need to purchase the subscriptions accordingly if you're able to leverage them.
They have premium and enterprise subscription levels. I don't know what the standard would be. They have E3 and E5 level licensing. I don't know off the top of my head the differences, however, E5 likely has more security features. Companies need to be aware of all the differences.
Which other solutions did I evaluate?
I was not part of any evaluation process. I came to the company afterward.
What other advice do I have?
I'm not sure which version of the solution we're on. We have another team that does the deployment and they would take care of the versioning, et cetera, however, we usually run the latest.
Microsoft makes Windows. They know their stuff. Having everything streamlined can be time-saving. It's good to have an integrated system rather than using something else. You don't need to jump through a lot of hoops or install additional software in order to get everything up and running.
I'd rate the solution at an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Engineer at TIGER LOGIC
Shows users who are exposed to phishing attacks so you can make some mitigation on that particular account
Pros and Cons
- "The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
- "It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
What is our primary use case?
For users that have been observing some malicious actions with their product and getting malicious mail, Azure Sentinel allows them to create a rule, which will show who exactly among their users is exposed to phishing attacks so that they can make some mitigation on that particular account.
There are about five people using this solution in my organization.
How has it helped my organization?
It helps to implement connectors for Microsoft solutions, available out of the box and providing real-time integration, including Microsoft 365 Defender (formerly Microsoft Threat Protection) solutions, and Microsoft 365 sources, including Office 365, Azure AD, Microsoft Defender for Identity (formerly Azure ATP), Microsoft Defender for Cloud Apps, and more. In addition, there are built-in connectors to the broader security ecosystem for non-Microsoft solutions.
What is most valuable?
The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards.
What needs improvement?
It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall.
For how long have I used the solution?
I have been using this solution for three years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
It's very scalable.
How are customer service and support?
Technical support is good. Microsoft has engineers that are readily available to help you with a challenge.
How was the initial setup?
Initial setup was user-friendly. I would rate it a 4 out of 5.
It's deployed by you onboarding your deliverables on the workload. For example, if you're using Office 365 or another third-party solution, you're going to upload those onto the server and have it protected with your Azure Sentinel.
It will draw logs from those activities and then bring them up as a workbook, where you can see into the actions on those programs you have onboarded on Azure Sentinel.
What about the implementation team?
We use a third-party for implementation.
What was our ROI?
For ROI, I would rate it 4 out of 5.
What's my experience with pricing, setup cost, and licensing?
It's costly to maintain and renew.
It depends on how you want to pay for the solution. You can pay it on an annual basis or pay as you go, but I feel it's better to just keep it running as a product on your Azure subscription. If you have a $500 subscription, it will take part of your subscription.
What other advice do I have?
I would rate this solution 7 out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
