Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
We have noticed savings of approximately twenty percent by using Azure Bastion compared to VM pricing.
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
Our MTTR, mean time to response, improved by forty to fifty percent. Earlier, medium-severity incidents took two to three hours to resolve. Now, after Microsoft Sentinel, it is forty to fifty-five minutes.
For example, time saving on incidents is 40 to 50%, and previously, incident analysis took two to three hours, whereas now it takes 30 to 60 minutes.
We usually get backup within two hours.
Support is satisfactory but with room for improvement, primarily concerning data transfer issues.
Microsoft invests significantly in support, which is crucial for companies.
I believe Microsoft could improve by keeping customer service within the US for Microsoft Sentinel customers who are within state and federal government sectors.
Working with a Sentinel engineer helped us tune settings effectively.
It is designed to provide access over a private network without hitting the internet.
There is no need to add hardware or redesign infrastructure because it is cloud-native.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
Being a SaaS solution, the scalability of Microsoft Sentinel is robust.
Azure Bastion is stable.
I have never experienced any downtime, crashes, or performance issues with Microsoft Sentinel because it is SOC as a Service, so it maintains 100% uptime and scaling.
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
I would like to see integrated AI features with Azure Bastion, especially for connectivity issues.
A storage solution must be created to transfer data, and this requires additional permissions like ACL or NFS.
It would be nice to have the capability to cut and paste across desktops, similar to old-fashioned Remote Desktop emulation.
Log ingestion and retention costs can grow quickly, and understanding which data source is driving cost is not always straightforward.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing.
Microsoft's pricing is on the higher side and could be more competitive.
The price is not necessarily cheaper, but it is acceptable.
It has been beneficial that Microsoft Sentinel is included as part of the Microsoft package, making it more cost-effective.
Microsoft Sentinel is not a low-cost SIEM.
Microsoft Sentinel is provided at no cost, so we didn't have any issues with the cost.
The most valuable feature of Azure Bastion is its security, which I find to be the best part.
The security is the main reason we use Azure Bastion because it is integrated with Azure Active Directory, ensuring that access is secure.
Azure Bastion eliminates the need for a jump server by providing secure access to servers without hitting the public network.
Microsoft Sentinel's ability to correlate data from multiple sources and its detection capabilities are essential.
Microsoft Sentinel has improved cost efficiency, which is one of the key areas we're able to win business against the ability to have threat intelligence.
Microsoft Sentinel's ability to correlate data from multiple sources enhances our threat detection capabilities beyond what is a simple data lake solution by filtering out the noise and consolidating the signal down to a meaningful level that is easier to investigate and see.
| Product | Mindshare (%) |
|---|---|
| Microsoft Sentinel | 4.8% |
| Azure Bastion | 2.0% |
| Other | 93.2% |
| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 1 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 45 |
| Midsize Enterprise | 23 |
| Large Enterprise | 46 |
Azure Bastion offers secure, browser-based access to Azure virtual machines, eliminating the need for public IPs by integrating Azure Active Directory and role-based access control for efficient and secure management.
Azure Bastion provides a robust security layer for virtual machine access, leveraging Azure Active Directory for authentication while eliminating the need for traditional Jump servers. It streamlines permissions through role-based access control, enhancing administrative efficiency. Users value its capability to quickly provision VMs and utilize SSL tunneling for secure browser access, all while highlighting the interface's ease of use and stability. Azure Bastion is designed for companies of all sizes, effectively protecting virtual machine access within Azure environments.
What are the most important features of Azure Bastion?Companies in industries such as finance, healthcare, and technology frequently implement Azure Bastion to secure sensitive data and simplify remote management of IT resources. By facilitating internal connections to Azure virtual machines, they reduce risks associated with public network exposure, emphasizing security and legal compliance. Organizations benefit from Azure Bastion by efficiently managing IT setups that require stringent security protocols, such as remote desktop connections, ensuring their operations are both scalable and secure.
Microsoft Sentinel offers cloud-native SIEM and SOAR capabilities with AI-powered threat detection, automated responses, and integration with Microsoft products. It is designed for comprehensive threat management with flexible deployment and scalability.
Microsoft Sentinel provides centralized management of cloud-based security monitoring and incident detection. Leveraging AI capabilities, it enhances threat intelligence and automation, allowing users to streamline security operations across cloud and on-premises systems. Microsoft Sentinel efficiently aggregates logs, correlates security events from multiple sources, and integrates seamlessly with Microsoft security offerings such as Defender. While its flexible deployment options and robust automation through playbooks are advantageous, users may encounter challenges with integration outside of Microsoft products, potential log ingestion delays, and a complex query language. The platform would benefit from enhanced speed, a simplified interface, improved query performance, and stronger documentation support.
What are the most important features of Microsoft Sentinel?In specific industries, Microsoft Sentinel is utilized for its capability to monitor cloud-based workloads and detect incidents effectively. Users in healthcare, finance, and retail adopt it for its strong AI-driven threat detection and its ability to integrate with existing Microsoft solutions, ensuring high-level security operations and compliance with industry standards.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
