No more typing reviews! Try our Samantha, our new voice AI agent.
reviewer1537419 - PeerSpot reviewer
Domain Architect at a government with 5,001-10,000 employees
Real User
Apr 12, 2021
Really good SIEM technology for Microsoft-centric organisations
Pros and Cons
  • "Free ingestion for Azure logs (with E5 licence)"
  • "It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
  • "It has basic out-of-the-box integrations with multiple log sources."
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
  • "Add more out-of-the-box connectors with other SaaS platforms/applications."
  • "They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
  • "There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."

What is our primary use case?

Security incident and event management. Threat detection and automated response.

It is a software as a service from Microsoft.

How has it helped my organization?

Reduced mean time to detect and resolve

Quickly able to cover a majority of mitre att&ck techniques

Free to ingest Azure logs with E5 license

What is most valuable?

Free ingestion for Azure logs (with E5 licence)

It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks.

It has basic out-of-the-box integrations with multiple log sources.

What needs improvement?

Add more out-of-the-box connectors with other SaaS platforms/applications.

Buyer's Guide
Microsoft Sentinel
June 2026
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,996 professionals have used our research since 2012.

For how long have I used the solution?

12 months

What do I think about the stability of the solution?

No stability issues encountered.

What do I think about the scalability of the solution?

It is scalable as a SaaS offering, but there is a consumption cost to consider.

Cybersecurity team uses this on a daily basis.

How are customer service and support?

We work together very well with local MS Team.

How was the initial setup?

The initial setup was simple. All that was needed was to put agents onto our infrastructure.

Integration more complex for non-MS SaaS and OS, but do-able using middleware.

What about the implementation team?

It was done in-house.

It is an evergreen service.

What was our ROI?

What is the cost of lack of visibility?  Average cost of breach = $$$

What's my experience with pricing, setup cost, and licensing?

It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure

Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit.

Which other solutions did I evaluate?

Others were considered however being an E5 M365 and Azure user this was by far the preferred solution.

What other advice do I have?

It is fairly new but making a charge up the market anayses.  Should be considered if you have E5 licence due to native and 'free' ingestion of M365 logs.

We haven't used all of its capability yet because we haven't had the time yet to implement it all, and it appears that the MS roadmap for Sentinel is being actively invested in.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1877577 - PeerSpot reviewer
Information Security Officer at a computer software company with 11-50 employees
Real User
Oct 24, 2023
Good integrations, comprehensive and offers good visibility
Pros and Cons
  • "It has a lot of great features."
  • "We'd like also a better ticketing system, which is older."

What is our primary use case?

We primarily use the solution for security operations. 

What is most valuable?

It has a lot of great features. 

The integrations on offer are very good. They have a lot of frequent updates on the integrations as well. 

We also use other Microsoft products with it, such as Active Directory and Defender for Endpoint and Identity. Everything is well integrated together. The integration itself is seamless.

Its connectors are helpful.

We get good logs from the solution.

Threat visibility is good so far. We are able to prioritize threats based on many factors.

The comprehensiveness of the solution is good. 

What needs improvement?

The alert response could be better. We'd also like a better ticketing system, which is older.

For how long have I used the solution?

I've been using the solution for two years.

What other advice do I have?

I'd rate the solution nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Microsoft Sentinel
June 2026
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,996 professionals have used our research since 2012.
reviewer1768875 - PeerSpot reviewer
Cyber Security Engineer at a performing arts with 1,001-5,000 employees
Real User
Feb 21, 2022
A straightforward solution that is helpful for an overview of the security fabric, but its implementation could be simpler
Pros and Cons
  • "We didn't have anything similar, so it really provides value from the incidents and automation point of view, and the overview of the security fabric is most valuable."
  • "Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."

What is our primary use case?

It is for tracking the logs. I'm working on automation. So, the use case basically includes logs, incidents, automation, UEBA, and endpoint integration with Office 365 Defender.

What is most valuable?

We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable.

What needs improvement?

Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex. 

For how long have I used the solution?

I just started using it. I have just set it up.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

I haven't dealt with Microsoft's tech support. I haven't reached out to them.

How was the initial setup?

It was of medium complexity. It wasn't too bad, but it can be complex because of the connectors.

What's my experience with pricing, setup cost, and licensing?

I don't know yet because they gave us a 30-day test window for free. 

What other advice do I have?

Because it is mainly artificial intelligence and machine learning, you would need some time to learn it. It is a good solution, and it is straightforward.

I would rate it a six out of 10. I haven't really dealt with other ones.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Harsimran Sidhu - PeerSpot reviewer
Security Analyst at SecureOps
Vendor
Jan 11, 2022
Has a fast log query feature and can detect what type of attack is occurring
Pros and Cons
  • "The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
  • "Microsoft Sentinel has greatly increased our security."
  • "If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."

What is our primary use case?

We actually use it for queuing logs and checking log systems that we have downloading from other devices to see if there are any issues. For example, if we get an alert, then we triage it and query the logs and the devices that we're looking for.

How has it helped my organization?

Microsoft Sentinel has greatly increased our security. We can quickly complete our investigation by using Sentinel and get to the results and escalation points.

What is most valuable?

The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases.

Microsoft Sentinel is able to figure out what type of attack is occurring. It will tell you whether it is a DDoS attack, whether someone's trying to scam the site, or if someone is doing a group force attack. That is, Microsoft Sentinel will actually tell you what it is based on the type of activities it's seeing on the web server. It's a smart tool.

If I'm typing queries, it knows what I'm looking for.

What needs improvement?

If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have.

For how long have I used the solution?

I just started using Microsoft Sentinel and have used it for two months.

What do I think about the stability of the solution?

As for availability, I haven't seen any downtime or any issues with the services yet. The stability looks like it's 99.9% and is great.

What do I think about the scalability of the solution?

I believe that Sentinel is good at scaling up their database or services. We are a large company with big data and have thousands of users.

Which solution did I use previously and why did I switch?

I have used Splunk, which has similar log type of queries. I feel that Sentinel is smarter. It is able to detect what type of attacks are occurring, unlike Splunk, which is just a query log tool.

There's Elastic ELK, which is similar to Splunk, but it isn't a smart tool like Sentinel is. 

Sentinel is at the top of the tools that I've used so far in terms of smart tools.

What's my experience with pricing, setup cost, and licensing?

Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect.

What other advice do I have?

If you're using the cloud and Azure, I would really recommend Sentinel as it will keep making sure that the devices that you have in your environment are safe. Sentinel is very smart at detecting what type of attack is occurring and is actually able to detect and tell us the type of hash file. It is is able to go on the internet, look at the virus total, and see if this is a virus, scam, or phishing. I like how it's able to detect it and how we can make it learn what type of spam or email issue query it is. So, it's a very adaptive type of tool.

I would rate Microsoft Sentinel at ten on a scale from one to ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user1604991 - PeerSpot reviewer
Senior Microsoft 365 Consultant at The Collective Consulting
Real User
Jul 12, 2021
Quick to set up with good automation and integrates well with Microsoft products
Pros and Cons
  • "Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
  • "The solution should allow for a streamlined CI/CD procedure."
  • "The cost can be a little confusing at first, but the Azure calculator is a great place to start."

What is our primary use case?

We are running an MDR service for our customers and use Azure Sentinel as the SIEM product to allow us to have an overview of all our customers, but also to easily push configurations to different customers.

We use Azure Sentinel as an alert aggregator to import all of the incidents/alerts from the different (Microsoft) security products in order to have a single pane of glass. On top of that, we create our own custom Analytics Rule that can be used to add our own added value. This enables us to create our own IP to protect customers. 

How has it helped my organization?

It's really convenient for us to aggregate the logs/alerts from all our customers into a single pane of glass. By using the automation capabilities, it's relatively easy to sync all incidents to our ITSM tool which we can use to follow up on incidents. As it's based on the Microsoft stack, it's convenient for our engineers to learn the product. As Azure Sentinel is also a big focus for Microsoft, we have the ability to work with them on certain products. This creates visibility within the community and for new customers.

What is most valuable?

There are three valuable aspects of the solution: MSSP support, integration with Microsoft, and Automation. By using Azure Lighthouse, an MSSP can easily integrate their applications into their own baseline of policies/configurations.

Because Sentinel is built as an MS-first product, it integrates natively with other Microsoft products, which is really convenient as we are standardized on it. Without much work, you can connect any Microsoft product to it. 

Last, but not least, Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents.

What needs improvement?

Azure Sentinel is constantly growing. Throughout the two years we have been using it, we have seen it expand tremendously. A lot of the limitations we had originally seen have already been mitigated. A couple of potential improvements could be: allow for a streamlined CI/CD procedure. Now it's a combination of using API/Powershell and ARM which is not ideal. Also, it should allow us to ingest on-prem logs by using a SaaS platform to ingest CEF/Syslog logs that also allow for prefiltering. This would allow us to minimize the cost of the solution.

For how long have I used the solution?

I've been using the solution for 1.5 years.

Which solution did I use previously and why did I switch?

We didn't use another SIEM product before Azure Sentinel. 

What's my experience with pricing, setup cost, and licensing?

The cost can be a little confusing at first, but the Azure calculator is a great place to start. I would advise to start with integrating Microsoft products first, as this is the most convenient way forward and allows you to learn the product as you go.

In general, Azure Sentinel can be set up really quickly.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. We are a Microsoft partner
PeerSpot user
reviewer1342566 - PeerSpot reviewer
System Engineer at a tech vendor with 5,001-10,000 employees
Real User
Mar 11, 2021
Makes it easy to monitor and keep a track record for vulnerabilities
Pros and Cons
  • "In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
  • "Azure Sentinel is actually quite handy, and very adaptive to the market trends."
  • "They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
  • "Sometimes you will find some network issue and network error with the Azure Sentinel portal. That's the biggest drawback I found with the Sentinel."

What is our primary use case?

We use it on a public cloud. We have integrated Azure Lighthouse with Azure Sentinel Security. By integrating all of these, Azure Security Center and Azure Defender, we are providing an MSSP platform to our customers.

How has it helped my organization?

With other solutions, you see some restrictions for collecting the log from custom connectors. With Azure Sentinel, we do have some restrictions or sometimes we need to struggle with the connection, but there is no need to struggle with the log connection. There is 100% integration to your enterprise environment. This makes it easy to monitor and keep a track record for vulnerabilities and track whatever things are lurking in your network. They also have their custom alert tools, alerting the analytics team, where we can receive custom alerts based on our custom requirements. This has helped our organization a lot. Then with Azure Lighthouse, we can manage multiple customers with one platform, so on a single interface, we manage a number of customers that are using the Lighthouse service from the Azure.

What is most valuable?

In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store With Azure it is a built-in thing, so there is no need to go and search for another vendor or integrate your solution for the store with a third-party.

What needs improvement?

They could use some kind of workbook. There is some limitation doing the editing and creating the workbook. That would improve it. Sometimes you will find some network issue, and network error with the Azure Sentinel portal. That's the biggest drawback I found with the Sentinel. It would be great if would provide PIP platforms. They do have PI platforms but they don't have PIP.

For how long have I used the solution?

My organization partners with Microsoft, so we are working on an MSSP with Azure.

How are customer service and technical support?

The technical support for Azure Sentinel is quite good. You have one level up from the basic support so you will definitely get to Microsoft support directly and actually have a conversation with Microsoft technical guys for the support team and they will resolve your issues very quickly.

How was the initial setup?

The setup for Azure Sentinel is very straightforward. You only need a subscription and for that subscription, you just need the admin roles. So if you are an admin and if you do have the Microsoft certification, you can make a Microsoft Azure account then it's very easy to setup and it's very easy to onboard the Sentinel.

What other advice do I have?

Azure Sentinel s actually quite handy, and very adaptive to the market trends. Anyone who is looking for the same store, creating their complete security solution for their enterprise, for the effective security solution, and for data integration, they must go with the Azure Sentinel as they are going to get everything in one place. I would rate Azure Sentinel at an eight on a scale of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1404306 - PeerSpot reviewer
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Real User
Feb 12, 2021
Scalable and offers good pricing but needs a better user interface
Pros and Cons
  • "The pricing of the product is excellent."
  • "The product is extremely cost-effective and affordable for customers."
  • "The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."

What is our primary use case?

The primary use case is the same use case as Splunk.

Requirements differ. We're still doing fine-tuning. However, lots of users are added to its security group to note activities.

What is most valuable?

So far, the solution has been perfect. 

The pricing of the product is excellent.

So far, we have found the stability to be very good.

The solution, as a SIEM tool, has very good integration capabilities, at least, according to our needs.

What needs improvement?

We have just recently migrated to this product. We haven't used it long enough to note all of the features. Therefore, it would be impossible to note what is lacking just yet.

The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to.

For how long have I used the solution?

We've recently migrated to this solution. We've only been using it for a month.

What do I think about the stability of the solution?

The stability of the product is very good. It doesn't have bugs. It's not glitchy. It doesn't crash or freeze. It's been reliable so far.

What do I think about the scalability of the solution?

As a Microsoft product, customers get scalability and elasticity. We have policies in place, and, based on them, we can upgrade if we need to. A company shouldn't have issues scaling should they have the need to expand. 

Only the security team uses this product. It's not accessible for every user. We have a team of about 20.

We have just invested in the solution, and therefore we have plans to use it for the foreseeable future.

How are customer service and technical support?

We do have access to support, and if we need them, we can call on them. However, the solution is so new, we have yet to need their services. Therefore, I can't speak to their level of responsiveness or knowledgeability just yet.

How was the initial setup?

The installation is very straightforward and easy. It's not complex. It's a cloud deployment, and therefore, it is very quick. You just connect the APIs to the data center.

What's my experience with pricing, setup cost, and licensing?

The product is extremely cost-effective and affordable for customers.

I'm more on the technical side. Therefore, I don't have any insights into the actual cost or the structure of the license.

Which other solutions did I evaluate?

We looked at Splunk as well and compared to that solution, this one is less expensive.

What other advice do I have?

We're using the latest version of the solution.

Choosing this solution was a management decision. Due to cost-effectiveness, they opted for Azure Sentinel.

Whether this product would work for another organization or not depends on the company's requirements.

As it is still very early in terms of our experience with the solution, I would rate the product at a six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
CEO at Danastar Professional Services, LLC
Real User
Jan 25, 2021
Included with Microsoft, and we have no complaints about functionality
Pros and Cons
  • "We have no complaints about the features or functionality."
  • "I would like to be able to monitor applications outside of the Azure Cloud."

What is our primary use case?

We are security system integrators. 

What is most valuable?

We have no complaints about the features or functionality.

What needs improvement?

Azure Sentinel, the Microsoft Azure product is, from what I understand, used for the Microsoft applications. I don't know if it works outside of the Microsoft Azure cloud.

I would like to be able to monitor applications outside of the Azure Cloud. That is one of the reasons one of the customers has multiple tools.

For how long have I used the solution?

I have been using Azure Sentinel for approximately one year.

What's my experience with pricing, setup cost, and licensing?

It's free. It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else. That'd be great if it was supporting other things.

What other advice do I have?

If it's a security integrator like us, quite often people push the client into buying different vendors' products and the client already has the tool in-house. Microsoft is one of those tools that most clients already have.

Many vendors, or integrators, that we know of, are not familiar with Microsoft Sentinel product classification security. So that's one thing I would encourage both potential customers, and users, to look into what suite of products do they have with existing Microsoft accounts that they have. 

Also, the integrators should be quite familiar with all the things that are available to their clients, so they don't have to invest tons of money in other tools.

Based on having no complaints, I would rate Azure Sentinel an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Microsoft Sentinel Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free Microsoft Sentinel Report and get advice and tips from experienced pros sharing their opinions.