Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
We have noticed savings of approximately twenty percent by using Azure Bastion compared to VM pricing.
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
Our MTTR, mean time to response, improved by forty to fifty percent. Earlier, medium-severity incidents took two to three hours to resolve. Now, after Microsoft Sentinel, it is forty to fifty-five minutes.
We attribute our growth to Sentinel.
We usually get backup within two hours.
Support is satisfactory but with room for improvement, primarily concerning data transfer issues.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
Microsoft invests significantly in support, which is crucial for companies.
Working with a Sentinel engineer helped us tune settings effectively.
It is designed to provide access over a private network without hitting the internet.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
There is no need to add hardware or redesign infrastructure because it is cloud-native.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
Azure Bastion is stable.
So far, we have not experienced any issues, and it has been stable from the beginning.
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
I would like to see integrated AI features with Azure Bastion, especially for connectivity issues.
A storage solution must be created to transfer data, and this requires additional permissions like ACL or NFS.
It would be nice to have the capability to cut and paste across desktops, similar to old-fashioned Remote Desktop emulation.
Log ingestion and retention costs can grow quickly, and understanding which data source is driving cost is not always straightforward.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
Microsoft's pricing is on the higher side and could be more competitive.
The price is not necessarily cheaper, but it is acceptable.
It has been beneficial that Microsoft Sentinel is included as part of the Microsoft package, making it more cost-effective.
Microsoft Sentinel is not a low-cost SIEM.
Microsoft Sentinel offers more capabilities than Bastion, with a more intuitive experience.
The most valuable feature of Azure Bastion is its security, which I find to be the best part.
The security is the main reason we use Azure Bastion because it is integrated with Azure Active Directory, ensuring that access is secure.
Azure Bastion eliminates the need for a jump server by providing secure access to servers without hitting the public network.
Microsoft Sentinel's ability to correlate data from multiple sources and its detection capabilities are essential.
Microsoft Sentinel has improved cost efficiency, which is one of the key areas we're able to win business against the ability to have threat intelligence.
Microsoft Sentinel's ability to correlate data from multiple sources enhances our threat detection capabilities beyond what is a simple data lake solution by filtering out the noise and consolidating the signal down to a meaningful level that is easier to investigate and see.
| Product | Market Share (%) |
|---|---|
| Microsoft Sentinel | 4.7% |
| Azure Bastion | 1.5% |
| Other | 93.8% |
| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 1 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 38 |
| Midsize Enterprise | 22 |
| Large Enterprise | 45 |
Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines do not need a public IP address, agent, or special client software.
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:
- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft
- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
- Respond to incidents rapidly with built-in orchestration and automation of common tasks
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
