This product assessment is based on a synthesis of 9 recent reviews of Microsoft Sentinel, spanning multiple dimensions of product satisfaction and use. Microsoft Sentinel serves as a centralized security information and event management (SIEM) system, primarily used for security monitoring and threat detection across both cloud and on-premises environments. A significant portion of reviewers (5 of 9) utilize Sentinel as their core SIEM engine, consolidating alerts and correlating event logs from diverse sources. While Sentinel excels in its integration with Microsoft products, particularly Microsoft Defender, allowing for unified data ingestion from sources like XDR, servers, and firewalls (3 of 9 reviewers), some users find the integration and interface experience disjointed, desiring a more seamless navigation between Azure and other products (4 of 9 reviewers). The platform's automated response capabilities are also a notable strength, enabling real-time action against attacks based on pre-configured rules. However, the initial setup and automation processes can be complex, especially regarding permissions. User sentiment regarding Sentinel's AI-driven threat detection is mixed; while some appreciate the AI tools for identifying unusual activities and improving threat detection (4 of 9 reviewers), others are uncertain about the extent of AI's active contribution. Overall, Microsoft Sentinel offers a valuable security solution, particularly for organizations already invested in the Microsoft ecosystem, but potential users should be prepared to address integration challenges and invest time in initial configuration.

Pros

Strong integration with Microsoft Defender and other Microsoft products for unified data ingestion.
Automated response capabilities enable real-time action against incoming attacks.
Centralized security monitoring and event correlation from various sources.
Investigation tools facilitate faster investigation processes and deeper understanding of security issues.
Valuable for managed service providers to deploy and manage security for their clients.

Cons

Disjointed user experience navigating between Azure and other products.
Complex initial setup and automation processes, especially regarding permissions.
Uncertainty regarding the effectiveness of Microsoft's AI in actively driving threat detection.
Integration challenges with non-Microsoft data sources.
Requires significant configuration and rule creation to realize its full potential.

Do you use Microsoft Sentinel’s AI, machine learning, and analytics for threat detections? How do you use these features? What have you accomplished with these features?

From 9 reviews | Last Published April 24, 2026

Summary

This report synthesizes 9 recent reviews to understand how users leverage Microsoft Sentinel's AI, machine learning, and analytics for threat detection. Reviewers show mixed sentiment regarding the effectiveness of Microsoft Sentinel's AI in directly driving threat detection. While some users find the AI tools helpful for identifying unusual activities and improving threat detection (4 of 9 reviewers), others express uncertainty about the extent to which Microsoft's AI actively contributes to threat detection. Two reviewers appreciate the ease of use and time savings associated with the platform's built-in AI functionalities.

Related topics

AI for threat detection Ease of use

Top Quotes

AI for threat detection

“Yes, we use Microsoft Sentinel’s smart AI tools to catch unusual or suspicious activity that might be difficult to spot otherwise.”

Ease of use

“Yes, we do. We use them as just part of our day-to-day functionality. It's built in. Massive savings in people time.”

How do you use Microsoft Sentinel’s investigation tools? How has it impacted your investigation process?

From 9 reviews | Last Published April 24, 2026

Summary

This report analyzes 9 recent reviews to understand how users employ Microsoft Sentinel's investigation tools and the impact on their investigation processes. Reviewers appreciate the tools for enhancing their understanding of security issues and expediting investigations. Specifically, 4 of 9 reviewers highlight the faster investigation process, while 3 of 9 mention using the investigation tools to understand security issues. The tool's ability to facilitate a deeper understanding of security incidents and accelerate response times are key benefits cited by users.

Top Quotes

Faster investigation process

“Again, it's reduced the time it takes to do an investigation.”

Using investigation tools

“We use tools provided by Microsoft Sentinel to see and understand security issues. It helps us understand the level of the problems and how they arrived in our system.”

What are the different sources from which you pull data into Microsoft Sentinel?

From 9 reviews | Last Published April 24, 2026

Summary

This report synthesizes 9 recent product reviews to identify the data sources that users connect to Microsoft Sentinel. Reviewers mentioned a variety of sources, with Microsoft 365 data sources and other various data sources each being mentioned by 3 of the 9 reviewers. The reviews indicate that Microsoft Sentinel is used to ingest data from both cloud and on-premises environments, including firewalls, endpoints, and servers.

Top Quotes

Various Data Sources

“We are importing data into Microsoft Sentinel from a number of sources, including our firewalls, Azure, Microsoft 365, and even our on-site servers.”

Microsoft 365 Data Sources

“So all of the M 365 sources.”

Describe how you use Microsoft Sentinel in your organization. What are the business problems the product addresses and what is the scope of your use case?

From 9 reviews | Last Published April 24, 2026

Summary

This report synthesizes 9 recent reviews to understand how organizations are using Microsoft Sentinel and the business problems it addresses. A primary use case for Sentinel is centralized security monitoring, with 5 of 9 reviewers mentioning its role as a core SIEM engine for correlating event logs and consolidating alerts from various sources. Two reviewers specifically highlighted using Sentinel as part of a managed service offering, where they deploy, configure, and manage Sentinel instances for their clients, building detection rules and responding to security incidents on their behalf. Reviewers indicate that Sentinel helps organizations gain visibility into potential threats from cloud and on-premise environments, enabling them to be aware of security signals that could indicate an attack.

Top Quotes

Managed Service Use Case

“Internally we use it to gain visibility around threats within the organization, but primarily we consult with other organizations to deploy and implement Sentinel. We have a managed service built around Sentinel. So we use Sentinel as part of our managed XDR solution that we've developed with Microsoft.”

Centralized Security Monitoring

“Sentinel for us is the core sim engine. That is where all my event logs get correlated and it is the nerve hub of my security operation center.”

Please provide some detailed examples of areas where Microsoft Sentinel has room for improvement.

From 9 reviews | Last Published April 24, 2026

Summary

This analysis of 9 recent Microsoft Sentinel reviews identifies areas where users see room for improvement. A recurring concern, voiced by 4 reviewers, centers on integration and interface challenges. These reviewers express a desire for a more unified experience, citing difficulties navigating between Azure and other products. Further, 2 of the 9 reviewers found the initial setup and automation processes to be complex, particularly concerning permissions. These findings suggest that while Microsoft Sentinel offers valuable security capabilities, streamlining the user experience and simplifying initial configuration could enhance user satisfaction.

Top Quotes

Integration and Interface Issues

“Dashboard is not very good. Some of the interfaces and the integration needs so much more work.”

Complexity and Setup

“Setting up automation is complicated”

Please provide some detailed examples of things that Microsoft Sentinel does particularly well.

From 9 reviews | Last Published April 24, 2026

Summary

This report synthesizes 9 recent reviews to identify areas where Microsoft Sentinel performs well. Reviewers highlight Sentinel's integration capabilities, particularly with Microsoft Defender, with 3 of 9 reviewers mentioning its ability to unify and ingest data from various sources like XDR, servers, and firewalls. Two reviewers also praised its automated response capabilities, noting the platform's ability to automatically take actions against incoming attacks in real time based on configured rules. This automation ensures timely responses regardless of whether someone is actively monitoring the platform.

Related topics

Good integration Automated responses

Top Quotes

Good integration

“I think the unification integration really, really works well with Microsoft Defender.”

Automated responses

“Automatic response to threats”

View All Reviews

Microsoft Sentinel Reviews

53 Reviews

Smart features that save time

Rating: 9 out of 10

May 23, 2025

Use Cases and Deployment Scope

We track all our systems to protect them from any threats with Microsoft Sentinel. Before Microsoft Sentinel, it was challenging to monitor our systems and fix security issues and threats fast and in time to keep our data safe. Faster alerts are easy to obtain, and we can react and correct them more quickly to protect our data.

Pros

Keeps Everything in one place
Smart threat detection
Automatic response to threats
Clear visuals and reports

Cons

Setting up automation is complicated
Too many alerts at first
complicated permissions setup

Likelihood to Recommend

We use it because when a user sees the suspicious activity on his account, Microsoft Sentinel gives alerts to the user's system and the admin system as well. When a user of one of our systems clicked a spam email, that email was trying to install a virus on our server, but Microsoft Sentinel gave an alert to the user and admin both, so that is why our team was able to fix that issue with Microsoft Sentinel very fast. However, it will not be the best option for you if your team is utilizing every feature but you are on a tight budget.

Ian Stuebe

Project Manager in Information Technology at Apex Warehouse Systems (51-200 employees)

Vetted Review

3 years of experience

Sentinel Review

Rating: 8 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

We mainly use it for another company tennet. They're mostly Microsoft, so we have to go inside their tenants. I know there is some products within out company that do use Microsoft as well, but we primarily use it for our other tenant.

Pros

Detections
Breakdowns
Point to blank

Cons

One of the things I would like to see differently is bringing it all in together. Cause I have to go to Azure and I have to go to other products and a lot of that can get confusing really fast. I would just like to have one kind of singular home point where I can go to different products.

Likelihood to Recommend

Quarantining detections are really relevant and being able to investigate particularly what someone has done. What's not so relevant is product security or not even product security. Endpoint security and management of users, I would say.

Verified User

Analyst in Information Technology (10,001+ employees)

Vetted Review

2 years of experience

Microsoft Sentinel Review

Rating: 10 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

Internally we use it to gain visibility around threats within the organization, but primarily we consult with other organizations to deploy and implement Sentinel. We have a managed service built around Sentinel. So we use Sentinel as part of our managed XDR solution that we've developed with Microsoft.

Pros

Well, that's a good question. It does a lot, well, probably my engineers would be better positioned to answer that question, but it correlates really well. Security orchestration, it highlights risks in the organization, provides insights to our analysts to respond to threats and it implements well.

Cons

The licensing could be a little bit simpler

Likelihood to Recommend

Scenarios where it's best suited would be organizations looking to consolidate on a platform, gain better visibility of threats in their environment, reduce the amount of time it takes to search for and respond. And then scenarios where it's less appropriate. Well, I guess anything where you're not collecting, where you need to collect large amounts of information to make quick decisions.

Richard Dornhart

National Security Practice Manager in Sales at Data#3 (1001-5000 employees)

Vetted Review

Reseller

5 years of experience

Microsoft Sentinel Review

Rating: 9 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

We use it as a central SIM to collect all of these security alerts from our customers. It overcomes the fact that you need some sort of way to centrally collect it, so the SIM will be your central collector.

Pros

I think the unification integration really, really works well with Microsoft Defender.

Cons

I would say it could improve in collecting network logs better at a lower cost with better integration, easier integration. So the support for collection of network logs would be something they should approve.

Likelihood to Recommend

If a company has a Microsoft First strategy and is very much already in the cloud, then Sentinel is well positioned.

Verified User

Director in Information Technology (201-500 employees)

Vetted Review

6 years of experience

Microsoft Sentinel Review

Rating: 9 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

The business problem is that you have a lot of threats that could come from the cloud and also on premise on really any device that is logging into your domain as company. So with Sentinel you could be aware of any signal that could mean or could imply that you are under an attack. So you could correlate several events from several devices or from several kind of inputs to identify a threat. And if you have this configure on the Pro, you could take action or send an alert to the responsible

Pros

I think that you have a lot of, for example, an incoming attack you could release on real time and if you configure an action that must be taken, you could be sure that the action will be taken automatically no matter the time or no matter if someone is checking the platform exactly at that moment.

Cons

I think that the price is always a consideration because it's based on consumption. So a change in the price model will be a good point for mid-size and large companies.

Likelihood to Recommend

I think that the pro is well suited for a complex environment for a big organization that has people that has a mid-size cybersecurity team in place. And it's less appropriate if you are a not so big company because the budget could be important. Barrier to adopt it right on the right way

Verified User

Representative in Sales (11-50 employees)

Vetted Review

2 years of experience

Microsoft Sentinel Review

Rating: 10 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

Sentinel is an CM two to monitoring and send alerts for the incident information security alerts and consolidate many source to detect many threats and many alerts

Pros

It's not having capacity to integrate or ingest many source of the information like to XDR and servers and many products to security firewalls on all firewalls. And they have capability to integrate via all? Yes, the mean the API with another tools.

Cons

I think in some case don't have too easy to integrate some products. It's less products to integrate or many source of information, but it's the minimal.

Likelihood to Recommend

When the customers have all products of the Microsoft or they have an suite like to Microsoft 365, they have an close to the benefits, the less cost to ingest these sources and it's an I scenario, less appropriate. Maybe when they have an G Suite or another cloud products, it's not too easy to implement.

Verified User

Manager in Sales (51-200 employees)

Vetted Review

4 years of experience

Microsoft Sentinel Review

Rating: 10 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

The primary use case for us is as a managed service for our clients. We maintain dozens of instances in our client's Azure environments for them, and then we build detection rules, manage the configuration for them, and then respond to incidents with it.

Pros

It is extensible into other Azure services for customization, so it is very flexible towards adaptation and customization and support for building customizations.

Cons

I would like better capabilities and customizations. The UBA modules or behavioral analytics, there's some stuff there. It's not particularly well documented and we've had to figure it out on our own and it's continuing to get better, but it's been around for a long time without a lot of change. It's just recently been changing and improving, but I'd like to see UBA become more customizable and clear on how it operates.

Likelihood to Recommend

I think for all medium and large organizations, I don't have any solutions where it doesn't make a lot of sense because of its flexibility. I work primarily in medium and very large size companies and it's very good there because it's flexible and adaptable as I mentioned previously. But for small companies, which I don't do a lot of business with, there's sort of easy buttons for a lot of things. So people are able to get comfortable with it pretty quickly. So I don't have a lot of problems in that sense.

Verified User

C-Level Executive (201-500 employees)

Vetted Review

6 years of experience

Microsoft Sentinel Review

Rating: 6 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

Sentinel for us is the core sim engine. That is where all my event logs get correlated and it is the nerve hub of my security operation center.

Pros

What has worked well for me and my company is this is a SaaS product, so the access and the availability from that perspective is significantly high. Integration I think was above average for most of the devices as well as the user interface is good.

Cons

Dashboard is not very good. Some of the interfaces and the integration needs so much more work.

Likelihood to Recommend

The product is well suited if you have a large Microsoft ecosystem, their platforms solutions are that is what you use, which we do. I think where it is less suited is where the ecosystem is broader. And if you have less than 25% or 30% of Microsoft's capabilities deployed in your environment.

Rajesh Kumar

Senior Vice President in Information Technology at EXL Service (10,001+ employees)

Vetted Review

1 year of experience

Microsoft Sentinel Review

Rating: 10 out of 10

Incentivized

April 29, 2025

Use Cases and Deployment Scope

At an organization we've deployed this as one of our edge security components, so any edge traffic that comes through our system has to basically propagate through the central lab. Product scope is pretty wide because it's a lot of our API traffic.

Pros

I would say the user experience is pretty good. It integrates very well with our Kubernetes systems.

Cons

I honestly can't think anything at this point.

Likelihood to Recommend

Well suited for a organization that has a lot of traffic coming in and is busy. You can't really scan every single request that comes in, so this product is really great for that. And less appropriate would be if you have very small traffic, small number of requests coming in.

Verified User

Professional in Information Technology (10,001+ employees)

Vetted Review

2 years of experience

Great Improvement in Our Security after Adapting to Microsoft Sentinel

Rating: 9 out of 10

Incentivized

February 20, 2025

Use Cases and Deployment Scope

Microsoft Sentinel has helped us in Automated threat detection and action. Helped us to boost our security. Increased efficiency and security.

Pros

Well suited for remote and on site protection
Automated Threat Detection and Action
Virus Scanning

Cons

Better Price Range for small medium buisness
Would like to see better User Interface
Some kinda small dashboard to monitor

Likelihood to Recommend

Very well suited for remote and on site security services. I remember after switching to Microsoft Sentinel, we were able to catch some threats that previous vendor couldn't find. Really experience matters.

Himanshu Pawar

Manager in Sales at Alorica (51-200 employees)

Vetted Review

2 years of experience

Loading Reviews List....