We performed a comparison between Microsoft Defender Threat Intelligence and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The tool can proactively detect potential incidents."
"The tool is managed from the cloud, because of which the maintenance is very low."
"I value how Threat Intelligence integrates with the different platforms in Microsoft."
"The solution blocks incoming threats on the local PC or any cloud-based threats."
"They have a very transparent roadmap for the product."
"The solution is well integrated with other Microsoft security products."
"The product is useful when the end user downloads malware files."
"You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"It's pretty powerful and its performance is pretty good."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"I would like to see more integration with other solutions. For example, integration well with Microsoft but not with other solutions."
"The price of the solution is an area of concern where improvements are required. In general, the solution's price needs to be reduced."
"Microsoft Defender Threat Intelligence should integrate with different platforms."
"We encounter problems connecting the product deployed on the user endpoints with the servers."
"It's a bit complicated to manage because you have many dependencies of servers, many dependencies in queue, and so on. Entries or different endpoints, and you make different configuration topics for each one. So that's a major problem."
"It takes time for the support team to understand the issue, and they then respond with a delay at times, which causes a lot of trouble."
"I would like to see more AI features and capabilities."
"Microsoft itself is a major target for attacks and threats due to its size and popularity. That could be considered Microsoft's Achilles heel."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
More Microsoft Defender Threat Intelligence Pricing and Cost Advice →
Microsoft Defender Threat Intelligence is ranked 16th in Microsoft Security Suite with 24 reviews while Microsoft Sentinel is ranked 6th in Microsoft Security Suite with 85 reviews. Microsoft Defender Threat Intelligence is rated 8.4, while Microsoft Sentinel is rated 8.2. The top reviewer of Microsoft Defender Threat Intelligence writes "A tool that offers endpoint protection with low maintenance costs". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Defender Threat Intelligence is most compared with STAXX, Cisco Threat Grid, ThreatConnect Threat Intelligence Platform (TIP), VirusTotal and Splunk Mission Control, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Elastic Security. See our Microsoft Defender Threat Intelligence vs. Microsoft Sentinel report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.