We performed a comparison between Microsoft Defender for Endpoint and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where are the vulnerabilities in your system. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff."
"Defender for Endpoint provides good visibility into threats and has favorable threat intelligence."
"Defender should be fine for home use. It has all the basic functionality you need. I can't speak to how well it works as an enterprise solution because I'm not in the space."
"It automatically detects intrusion and malware."
"You have endpoint security to keep your devices safe. That's the feature that we're interested in."
"It is stable and easy to use. Everything is okay, and there are no performance issues."
"It integrates very well with all Windows workstations or other Microsoft Endpoint products. It also works quite well. So far, I have not had any issue that hasn't been sorted out. It doesn't use too many resources, so you don't have to install different things."
"Provides good vulnerability assessment."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"It's pretty powerful and its performance is pretty good."
"Sentinel pricing is good"
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"There are alternative solutions that offer a greater range of dashboard insights when compared to Microsoft Defender for Endpoint."
"The documentation could be better. When they update their manuals, sometimes they refer to products by their old names, so it is a little confusing. For example, the documentation might still say "Advanced Threat Protection" instead of Defender for Endpoint."
"The anti-ransomware features need to be improved upon."
"The product development team makes frequent changes that affect the stability of the solution."
"Microsoft Windows Defender doesn't have a game mode."
"The automation could be simpler on the mitigation side. It has a learning curve. Otherwise, it's pretty easy."
"There could be an increase in security for the solution."
"This solution is not secure, which is why I have moved to Linux."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 5th in Microsoft Security Suite with 182 reviews while Microsoft Sentinel is ranked 6th in Microsoft Security Suite with 85 reviews. Microsoft Defender for Endpoint is rated 8.0, while Microsoft Sentinel is rated 8.2. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Cortex XDR by Palo Alto Networks, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and ServiceNow Security Operations. See our Microsoft Defender for Endpoint vs. Microsoft Sentinel report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.