We performed a comparison between Microsoft Defender for Business and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft Defender for Business is good for small and medium-sized businesses. It offers solid security flexibility and integration with tools like Microsoft Lighthouse and some other software. It takes some of the features of Defender for Endpoint EDR and provides those services for small and medium-sized business environments."
"It is scalable."
"A few things are valuable. One is the alerting we see when any kind of intrusion is happening, any kind of malware is being deployed across the endpoints, or any kind of suspicious activity is going on. We have a footprint across all of North America, Canada, and Mexico, so we want to make sure that all our endpoints are protected and we are able to look for any anomalous activity."
"If you're an Intune user, you can bring in certain capabilities like system-hardening policies, which further enhances the security."
"The interface is quite user-friendly."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"It has a lot of great features."
"The biggest one is that Defender needs to be more proactive to the emerging threats. There can be tighter integration with email, especially how it integrates with our email system, which is the Microsoft Outlook suite. There should be the ability to react a lot quicker to emerging threats because sometimes, it takes a few days before some of these new threats are fully identified, and we need that to be a few hours."
"The security could always be improved."
"Defender's threat protection should be fine-tuned to reduce false positives. It could be more targeted, reflecting a continuous evolution in detecting. Also, it could be easier to integrate into other environments."
"We faced some issues while running some applications on Mac."
"Defender's reporting is rather scattered, and its URL filtering mechanism doesn't really work."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"There is room for improvement in entity behavior and the integration site."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
More Microsoft Defender for Business Pricing and Cost Advice →
Microsoft Defender for Business is ranked 20th in Microsoft Security Suite with 5 reviews while Microsoft Sentinel is ranked 6th in Microsoft Security Suite with 85 reviews. Microsoft Defender for Business is rated 8.0, while Microsoft Sentinel is rated 8.2. The top reviewer of Microsoft Defender for Business writes "Quicker response time, improved security posture, and reduced alerts". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Defender for Business is most compared with HP Wolf Security, Microsoft Defender for Office 365, Microsoft Intune, Microsoft Defender for Endpoint and SentinelOne Singularity Complete, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Elastic Security. See our Microsoft Defender for Business vs. Microsoft Sentinel report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.