Pros & Cons summary

Prominent pros & cons

PROS

Microsoft Sentinel provides seamless integration with other Microsoft products and third-party systems.
The most valuable features include automation through SOAR capabilities and machine learning for efficient threat detection and response.
Microsoft Sentinel centralizes logs from multiple sources, enhancing threat intelligence and correlation.
The inclusion of Kusto Query Language significantly improves data analysis and insights.
Microsoft Sentinel offers excellent scalability, cost efficiency, and performance with native cloud architecture.

CONS

Microsoft Sentinel requires better integration with other SaaS providers and seamless third-party integrations.
There are delays in alert ingestion and log delivery that need to be minimized for efficient operation.
Pricing and cost management present significant challenges and are a concern for many customers.
The creation and management of playbooks and workbooks are complex, requiring a more user-friendly development environment.
The documentation is insufficient, particularly for those not closely aligned with Microsoft, making it necessary to improve the clarity and comprehensiveness of guides and resources.
 

Microsoft Sentinel Pros review quotes

MD
CEO at Danastar Professional Services, LLC
Jan 23, 2021
We have no complaints about the features or functionality.
reviewer1404306 - PeerSpot reviewer
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Feb 12, 2021
The pricing of the product is excellent.
reviewer1342566 - PeerSpot reviewer
System Engineer at a tech vendor with 5,001-10,000 employees
Feb 24, 2021
In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store.
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,082 professionals have used our research since 2012.
reviewer1537419 - PeerSpot reviewer
Domain Architect at a government with 5,001-10,000 employees
Apr 12, 2021
Free ingestion for Azure logs (with E5 licence)
SI
Principal Cloud Architect at Viria Security Oy
Jun 3, 2021
The UI-based analytics are excellent.
reviewer1604991 - PeerSpot reviewer
Senior Microsoft 365 Consultant at The Collective Consulting
Jul 12, 2021
Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents.
reviewer1655235 - PeerSpot reviewer
Director - Technology Risk & Cyber at a financial services firm with 10,001+ employees
Aug 23, 2021
It is quite efficient. It helps our clients in identifying their security issues and responding quickly. Our clients want to automate incident response and all those things.
GO
Information Security Lead at Enerjisa Üretim
Oct 12, 2021
It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us.
SM
Lead Azure Sentinel Architect at a financial services firm with 10,001+ employees
Oct 14, 2021
The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance.
reviewer1681203 - PeerSpot reviewer
Sr. Microsoft Solutions Specialist at a tech vendor with 1,001-5,000 employees
Oct 15, 2021
One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service.
 

Microsoft Sentinel Cons review quotes

MD
CEO at Danastar Professional Services, LLC
Jan 23, 2021
I would like to be able to monitor applications outside of the Azure Cloud.
reviewer1404306 - PeerSpot reviewer
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Feb 12, 2021
The interface could be more user-friendly. It's a small improvement that they could make if they wanted to.
reviewer1342566 - PeerSpot reviewer
System Engineer at a tech vendor with 5,001-10,000 employees
Feb 24, 2021
They could use some kind of workbook. There is some limitation doing the editing and creating the workbook.
reviewer1537419 - PeerSpot reviewer
Domain Architect at a government with 5,001-10,000 employees
Apr 12, 2021
They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization.
SI
Principal Cloud Architect at Viria Security Oy
Jun 3, 2021
The on-prem log sources still require a lot of development.
reviewer1604991 - PeerSpot reviewer
Senior Microsoft 365 Consultant at The Collective Consulting
Jul 12, 2021
The solution should allow for a streamlined CI/CD procedure.
reviewer1655235 - PeerSpot reviewer
Director - Technology Risk & Cyber at a financial services firm with 10,001+ employees
Aug 23, 2021
Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification.
GO
Information Security Lead at Enerjisa Üretim
Oct 12, 2021
They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on QRadar. We couldn't do it with Sentinel, which is a problem for us.
SM
Lead Azure Sentinel Architect at a financial services firm with 10,001+ employees
Oct 14, 2021
If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies.
reviewer1681203 - PeerSpot reviewer
Sr. Microsoft Solutions Specialist at a tech vendor with 1,001-5,000 employees
Oct 15, 2021
I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used.