We performed a comparison between Microsoft Defender for Endpoint and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's effective against most types of infection, and the firewall is perfect for protection."
"It's really stable. I've used a lot of stuff, a lot of products, like ESET and Kaspersky. None of them are comparable with this one. This one is much better."
"This product is flexible, and it is very easy to get updates from the Microsoft website."
"The most valuable features are that it's easy to use and the updates are very simple."
"Microsoft Defender for Endpoint is extremely stable."
"For threat-hunting, I'll put some threats in a test scenario. I've downloaded known viruses that are out in the public for testing. They're not really a virus but they've got a signature. Defender for Endpoint will automatically find those, quarantine them for me, and alert me to what it did. It gives me "automated eyes.""
"The threat hunting service is very useful for a security professional."
"It captures data through machine learning, which is built-in on the back-end. It also provides built-in analytics and a threat intelligence feature. It is a one-stop solution that doesn't require an antivirus because it comes prebuilt into Windows 10."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"It has basic out-of-the-box integrations with multiple log sources."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"We encountered some issues when we were trying to enable automatic updates from our group policy."
"Defender could be more secure and stable."
"If there were more template queries in the library, that would make it much easier. They could have basic things, like, "Where's the IP for this user?" or, "What file was downloaded from this user?" If there were more of those basic queries that would help."
"The deployment of Microsoft Defender for Endpoint on Windows 10 is not quite so straightforward. This could be made easier."
"The time it takes to implement policies has room for improvement."
"The automation could be simpler on the mitigation side. It has a learning curve. Otherwise, it's pretty easy."
"Its detection is not as quick. There should also be more frequent updates."
"It's not easy to create special allowances for certain groups of users. It can be a little heavy-handed in some areas where Microsoft has decided to lock a feature out, meaning they make it hard to make an exception... One company we work with needed to use about 20 different thumb drives for about 20 users. To make that exception for them was very difficult. In fact, you can't really make an exception. But what you can do is allow them to use it and, while it will still alert, you can actually suppress those alerts."
"The solution should allow for a streamlined CI/CD procedure."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The troubleshooting has room for improvement."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"The reporting could be more structured."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 5th in Microsoft Security Suite with 182 reviews while Microsoft Sentinel is ranked 6th in Microsoft Security Suite with 85 reviews. Microsoft Defender for Endpoint is rated 8.0, while Microsoft Sentinel is rated 8.2. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Cortex XDR by Palo Alto Networks, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and ServiceNow Security Operations. See our Microsoft Defender for Endpoint vs. Microsoft Sentinel report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.