We performed a comparison between Microsoft Defender Threat Intelligence and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It just runs in the background. I don't have to worry about, making sure it's Intelligence. So, you know, this kind of makes it very easy, have to worry about installing. It is easy to use."
"The tool is managed from the cloud, because of which the maintenance is very low."
"The product provides efficient email security for sending links and file attachments."
"Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats."
"I value how Threat Intelligence integrates with the different platforms in Microsoft."
"It is very scalable. There are approximately 2,000 endpoints and up to 200 servers in our company."
"The tool can proactively detect potential incidents."
"The technical support services are excellent."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Free ingestion for Azure logs (with E5 licence)"
"Sentinel pricing is good"
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"Microsoft Defender Threat Intelligence should integrate with different platforms."
"We encounter problems connecting the product deployed on the user endpoints with the servers."
"One area that can be improved is reducing false positives."
"Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties."
"Technical support could be a bit better."
"I would like to see more integration with other solutions. For example, integration well with Microsoft but not with other solutions."
"The tool's onboarding of users that use on-premise or hybrid environments needs to be improved."
"Microsoft Defender Threat Intelligence is evolving and needs to fix and enhance numerous issues like stability and licensing. The continuous rebranding and licensing changes are confusing."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
More Microsoft Defender Threat Intelligence Pricing and Cost Advice →
Microsoft Defender Threat Intelligence is ranked 16th in Microsoft Security Suite with 23 reviews while Microsoft Sentinel is ranked 6th in Microsoft Security Suite with 85 reviews. Microsoft Defender Threat Intelligence is rated 8.4, while Microsoft Sentinel is rated 8.2. The top reviewer of Microsoft Defender Threat Intelligence writes "A tool that offers endpoint protection with low maintenance costs". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Defender Threat Intelligence is most compared with Cisco Threat Grid, STAXX, ThreatConnect Threat Intelligence Platform (TIP), VirusTotal and Splunk Mission Control, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Elastic Security. See our Microsoft Defender Threat Intelligence vs. Microsoft Sentinel report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.