CEO at Danastar Professional Services, LLC
Real User
Included with Microsoft, and we have no complaints about functionality
Pros and Cons
  • "We have no complaints about the features or functionality."
  • "I would like to be able to monitor applications outside of the Azure Cloud."

What is our primary use case?

We are security system integrators. 

What is most valuable?

We have no complaints about the features or functionality.

What needs improvement?

Azure Sentinel, the Microsoft Azure product, is, from what I understand, used for the Microsoft applications. I don't know if it works outside of the Microsoft Azure cloud.

I would like to be able to monitor applications outside of the Azure Cloud. That is one of the reasons one of the customers has multiple tools.

For how long have I used the solution?

I have been using Azure Sentinel for approximately one year.

Buyer's Guide
Microsoft Sentinel
March 2025
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
846,617 professionals have used our research since 2012.

What's my experience with pricing, setup cost, and licensing?

It's free. It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else. That'd be great if it was supporting other things.

What other advice do I have?

If it's a security integrator like us, quite often people push the client into buying different vendors' products and the client already has the tool in-house. Microsoft is one of those tools that most clients already have.

Many vendors, or integrators, that we know of are not familiar with Microsoft Sentinel product classification security. So that's one thing I would encourage both potential customers and users to look into: what suite of products they have with their existing Microsoft accounts.

Also, the integrators should be quite familiar with all the things that are available to their clients, so they don't have to invest tons of money in other tools.

Based on having no complaints, I would rate Azure Sentinel an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1342566 - PeerSpot reviewer
System Engineer at a tech vendor with 5,001-10,000 employees
MSP/MSSP
Makes it easy to monitor and keep a track record for vulnerabilities
Pros and Cons
  • "In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
  • "They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."

What is our primary use case?

We use it on a public cloud. We have integrated Azure Lighthouse with Azure Sentinel Security. By integrating all of these, Azure Security Center and Azure Defender, we are providing an MSSP platform to our customers.

How has it helped my organization?

With other solutions, you see some restrictions for collecting the log from custom connectors. With Azure Sentinel, we do have some restrictions or sometimes we need to struggle with the connection, but there is no need to struggle with the log connection. There is 100% integration to your enterprise environment. This makes it easy to monitor and keep a track record for vulnerabilities and track whatever things are lurking in your network. They also have their custom alert tools, alerting the analytics team, where we can receive custom alerts based on our custom requirements. This has helped our organization a lot. Then with Azure Lighthouse, we can manage multiple customers with one platform, so on a single interface, we manage a number of customers that are using the Lighthouse service from the Azure.

What is most valuable?

In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store. With Azure it is a built-in thing, so there is no need to go and search for another vendor or integrate your solution for the store with a third party.

What needs improvement?

They could use some kind of workbook. There is some limitation doing the editing and creating the workbook. That would improve it. Sometimes you will find some network issue, and network error with the Azure Sentinel portal. That's the biggest drawback I found with the Sentinel. It would be great if they would provide PIP platforms. They do have PI platforms but they don't have PIP.

For how long have I used the solution?

My organization partners with Microsoft, so we are working on an MSSP with Azure.

How are customer service and technical support?

The technical support for Azure Sentinel is quite good. You have one level up from the basic support so you will definitely get to Microsoft support directly and actually have a conversation with Microsoft technical guys for the support team and they will resolve your issues very quickly.

How was the initial setup?

The setup for Azure Sentinel is very straightforward. You only need a subscription and for that subscription, you just need the admin roles. So if you are an admin and if you do have the Microsoft certification, you can make a Microsoft Azure account, then it's very easy to set up and it's very easy to onboard the Sentinel.

What other advice do I have?

Azure Sentinel is actually quite handy, and very adaptive to the market trends. Anyone who is looking for the same store, creating their complete security solution for their enterprise, for the effective security solution, and for data integration, they must go with the Azure Sentinel as they are going to get everything in one place. I would rate Azure Sentinel at an eight on a scale of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
senior cyber security at a tech services company with 201-500 employees
Real User
Unified security operations streamline monitoring and incident management
Pros and Cons
  • "The best feature of Microsoft Sentinel is its ability to unify all dashboards or functions into one modern SecOps dashboard."
  • "The pricing tiers of Microsoft Sentinel should be improved. There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing."

What is our primary use case?

I use Microsoft Sentinel for security incident management, monitoring, and incident tracking in the security environment. My clients use it to unify and monitor their entire ecosystem in the security sector using either Microsoft or other security products. This enables them to correlate all incidents and logs into Microsoft Sentinel.

What is most valuable?

The best feature of Microsoft Sentinel is its ability to unify all dashboards or functions into one modern SecOps dashboard. This integration means that I do not need to check multiple dashboards for security operations, offering seamless integration with the Microsoft ecosystem. The pre-built detection analytics and the ability to create custom detection rules more easily than some other solutions are also highly valuable. Additionally, the ability of Microsoft Sentinel to correlate data from multiple sources enhances threat detection capabilities.

What needs improvement?

The pricing tiers of Microsoft Sentinel should be improved. There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing. Additionally, I would like to see more out-of-the-box data collectors to connect to proprietary systems in future versions.

For how long have I used the solution?

I have been working with Microsoft Sentinel for around two years.

What was my experience with deployment of the solution?

The cloud deployment of Microsoft Sentinel is very straightforward and one of the easiest I have worked with. It integrates quickly if all the requirements are prepared. This is different from other SIM solutions, which require more complex processes like preparing hardware and finding the right server size. In 10 to 15 minutes, it can be set up with a proxy server, and logs are automatically integrated, allowing for fast deployment without additional software installation.

What do I think about the stability of the solution?

Microsoft Sentinel is quite stable. However, some of the data connectors can become deprecated, requiring reconnection. I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.

What do I think about the scalability of the solution?

Being a SaaS solution, the scalability of Microsoft Sentinel is robust. I do not need to manage resources, and the open infrastructure allows for scalable usage.

How are customer service and support?

As a consultant, I rate the quality of service for technical support a seven out of ten. The response is usually quick, especially through live chat, and further support is provided through email or remote assistance if needed.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have experience with other SIM solutions, including Azure and other major players in the security market. With Microsoft Sentinel, the ease of building detection rules and correlation queries is more straightforward than other tools like Splunk.

How was the initial setup?

The initial setup is very simple and fast with Microsoft Sentinel, requiring only a small virtual machine as a proxy server. There is no need for complex hardware setups, unlike other SIM solutions.

What was our ROI?

Calculating the ROI of Microsoft Sentinel can be challenging. If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration. For those without significant Microsoft usage, the cost may be high, leading to a lower ROI.

What's my experience with pricing, setup cost, and licensing?

The pricing tiers and associated complexities of Microsoft Sentinel can be cumbersome. Setting up the right cost model for customers is intricate, requiring careful consideration of various components and licensing tiers.

Which other solutions did I evaluate?

I have also worked with solutions like Splunk and other SIMs in the security market.

What other advice do I have?

There are some issues with data connectors being deprecated and the lack of immediate replacements being available. However, the solution remains user-friendly and efficient for those within the Microsoft ecosystem. Overall, I rate Microsoft Sentinel an 8.5 out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner