Microsoft Sentinel Review Insights

Score8.6 out of 10

102 Reviews and Ratings

Back to Reviews

Insights from Microsoft Sentinel Reviewers

Based on 9 verified reviews published in the last 18 months

Do you use Microsoft Sentinel’s AI, machine learning, and analytics for threat detections? How do you use these features? What have you accomplished with these features?

9 answered

This report synthesizes 9 recent reviews to understand how users leverage Microsoft Sentinel's AI, machine learning, and analytics for threat detection. Reviewers show mixed sentiment regarding the effectiveness of Microsoft Sentinel's AI in directly driving threat detection. While some users find the AI tools helpful for identifying unusual activities and improving threat detection (4 of 9 reviewers), others express uncertainty about the extent to which Microsoft's AI actively contributes to threat detection. Two reviewers appreciate the ease of use and time savings associated with the platform's built-in AI functionalities.

AI for threat detection

4 mentions

Four of the nine reviewers mention using Microsoft Sentinel’s AI for threat detection, but their experiences and percep…

Four of the nine reviewers mention using Microsoft Sentinel’s AI for threat detection, but their experiences and perceptions vary. Some find the AI helpful for identifying suspicious activities and improving threat detection capabilities. However, other reviewers express uncertainty or skepticism about the extent to which Microsoft's AI directly drives threat detection, with some indicating a lack of transparency regarding the AI's inner workings.

Ease of use

2 mentions

Two reviewers highlight the ease of use associated with Microsoft Sentinel's AI features. They appreciate the seamless…

Two reviewers highlight the ease of use associated with Microsoft Sentinel's AI features. They appreciate the seamless integration of these tools into their daily workflows, resulting in significant time savings for security analysts.

How do you use Microsoft Sentinel’s investigation tools? How has it impacted your investigation process?

9 answered

This report analyzes 9 recent reviews to understand how users employ Microsoft Sentinel's investigation tools and the impact on their investigation processes. Reviewers appreciate the tools for enhancing their understanding of security issues and expediting investigations. Specifically, 4 of 9 reviewers highlight the faster investigation process, while 3 of 9 mention using the investigation tools to understand security issues. The tool's ability to facilitate a deeper understanding of security incidents and accelerate response times are key benefits cited by users.

Faster investigation process

4 mentions

A significant benefit noted by reviewers is the reduction in investigation time. Four out of nine reviewers specificall…

A significant benefit noted by reviewers is the reduction in investigation time. Four out of nine reviewers specifically mentioned that Microsoft Sentinel's tools have made their investigations faster, enabling quicker reactions to incidents and easier attack analysis compared to manual forensic methods.

Using investigation tools

3 mentions

Reviewers report using Microsoft Sentinel's investigation tools to gain insights into security issues. Three out of nin…

Reviewers report using Microsoft Sentinel's investigation tools to gain insights into security issues. Three out of nine reviewers specifically mentioned utilizing these tools to understand the nature and origin of security problems, with some highlighting the graph view for in-depth problem analysis and logic apps for data enrichment.

What are the different sources from which you pull data into Microsoft Sentinel?

9 answered

This report synthesizes 9 recent product reviews to identify the data sources that users connect to Microsoft Sentinel. Reviewers mentioned a variety of sources, with Microsoft 365 data sources and other various data sources each being mentioned by 3 of the 9 reviewers. The reviews indicate that Microsoft Sentinel is used to ingest data from both cloud and on-premises environments, including firewalls, endpoints, and servers.

Various Data Sources

3 mentions

A wide array of data sources are connected to Microsoft Sentinel, according to 3 of the 9 reviewers. These include fire…

A wide array of data sources are connected to Microsoft Sentinel, according to 3 of the 9 reviewers. These include firewalls, endpoints, cloud applications, and on-premises servers. This suggests that Microsoft Sentinel is versatile in its ability to ingest data from diverse environments, providing a comprehensive view of an organization's security posture.

Microsoft 365 Data Sources

3 mentions

Microsoft 365 data sources are a commonly used data source for Microsoft Sentinel, as reported by 3 of the 9 reviewers.…

Microsoft 365 data sources are a commonly used data source for Microsoft Sentinel, as reported by 3 of the 9 reviewers. These sources include Microsoft 365 services such as SharePoint and Office 365. Reviewers highlight the importance of these integrations for monitoring and security within their Microsoft 365 environments.

Describe how you use Microsoft Sentinel in your organization. What are the business problems the product addresses and what is the scope of your use case?

9 answered

This report synthesizes 9 recent reviews to understand how organizations are using Microsoft Sentinel and the business problems it addresses. A primary use case for Sentinel is centralized security monitoring, with 5 of 9 reviewers mentioning its role as a core SIEM engine for correlating event logs and consolidating alerts from various sources. Two reviewers specifically highlighted using Sentinel as part of a managed service offering, where they deploy, configure, and manage Sentinel instances for their clients, building detection rules and responding to security incidents on their behalf. Reviewers indicate that Sentinel helps organizations gain visibility into potential threats from cloud and on-premise environments, enabling them to be aware of security signals that could indicate an attack.

Centralized Security Monitoring

5 mentions

A core function of Microsoft Sentinel, according to 5 of 9 reviewers, is its ability to serve as a centralized security…

A core function of Microsoft Sentinel, according to 5 of 9 reviewers, is its ability to serve as a centralized security information and event management (SIEM) system. Reviewers appreciate its capacity to correlate event logs from diverse sources, providing a central hub for security operations. This centralized approach enables organizations to detect potential threats originating from both cloud and on-premises environments.

Managed Service Use Case

2 mentions

Two of 9 reviewers highlighted the use of Sentinel as a foundation for managed security services. These reviewers indic…

Two of 9 reviewers highlighted the use of Sentinel as a foundation for managed security services. These reviewers indicated they leverage Sentinel to provide managed extended detection and response (XDR) solutions for their clients. This involves deploying, configuring, and managing Sentinel instances within client environments, along with building detection rules and responding to security incidents.

Please provide some detailed examples of areas where Microsoft Sentinel has room for improvement.

9 answered

This analysis of 9 recent Microsoft Sentinel reviews identifies areas where users see room for improvement. A recurring concern, voiced by 4 reviewers, centers on integration and interface challenges. These reviewers express a desire for a more unified experience, citing difficulties navigating between Azure and other products. Further, 2 of the 9 reviewers found the initial setup and automation processes to be complex, particularly concerning permissions. These findings suggest that while Microsoft Sentinel offers valuable security capabilities, streamlining the user experience and simplifying initial configuration could enhance user satisfaction.

Integration and Interface Issues

4 mentions

Integration and interface issues are a notable area for improvement, according to 4 of the 9 reviewers. These users rep…

Integration and interface issues are a notable area for improvement, according to 4 of the 9 reviewers. These users report that the dashboard is not optimal and that integrating various products and data sources can be confusing, requiring navigation across multiple platforms. Reviewers suggest a need for a more centralized and streamlined interface to improve usability.

Complexity and Setup

2 mentions

Complexity in setup is another area mentioned for potential improvement, cited by 2 of the 9 reviewers. These reviewers…

Complexity in setup is another area mentioned for potential improvement, cited by 2 of the 9 reviewers. These reviewers specifically point to the complicated nature of setting up automation and managing permissions. This suggests that simplifying these initial configuration steps could improve the user experience.

Please provide some detailed examples of things that Microsoft Sentinel does particularly well.

9 answered

This report synthesizes 9 recent reviews to identify areas where Microsoft Sentinel performs well. Reviewers highlight Sentinel's integration capabilities, particularly with Microsoft Defender, with 3 of 9 reviewers mentioning its ability to unify and ingest data from various sources like XDR, servers, and firewalls. Two reviewers also praised its automated response capabilities, noting the platform's ability to automatically take actions against incoming attacks in real time based on configured rules. This automation ensures timely responses regardless of whether someone is actively monitoring the platform.

Good integration

3 mentions

Integration with other systems, especially Microsoft Defender, is a strength noted by 3 of 9 reviewers. Reviewers appre…

Integration with other systems, especially Microsoft Defender, is a strength noted by 3 of 9 reviewers. Reviewers appreciate the platform's ability to ingest data from various sources, including XDR, servers, and firewalls. One reviewer specifically called out its integration with Kubernetes systems.

Automated responses

2 mentions

Two of 9 reviewers specifically mentioned the value of automated responses to threats. They appreciate the platform's a…

Two of 9 reviewers specifically mentioned the value of automated responses to threats. They appreciate the platform's ability to take pre-configured actions automatically in response to attacks, ensuring timely mitigation without requiring constant human oversight.