Microsoft Sentinel Reviews and Ratings

Rating: 8.7 out of 10

Score

8.7 out of 10

Free Trial

Reviews

58 Reviews

My Experience With Microsoft Sentinel - Great SIEM Capabilities.

Rating: 9 out of 10

Incentivized

January 7, 2026

Use Cases and Deployment Scope

We use Microsoft Sentinel to boost our security, and it works amazingly well. It is our primary SOAR and SIEM solution, ensuring we have the best visibility into our security operations. With the tool in place, detection and responding to threats is easy thanks to its AI capabilities. In addition, it boosts our security by making it easy to collect data from all users, devices, and applications for threat analytics. Finally, it integrates with Microsoft products for better protection and management.

Pros

It works well as a SIEM and SOAR solution.
It comes with amazing AI threat detection capabilities.
It works across on-premises and multi-cloud environments.
It offers automated threat response.
Works well when it comes to threat analytics.
It supports integrations more so with Microsoft products such as MS Azure.

Cons

So far Microsoft Sentinel has been awesome. No serious challenges to list.

Likelihood to Recommend

I recommend Microsoft Sentinel for effective threat detection and response. It is a great SIEM and SOAR solution for businesses, and we have used it effectively, which is why I recommend it. Since it works across on-premises and multi-cloud environments, it is ideal for businesses of all sizes. Being AI-equipped and its ability to handle threat analytics make it irresistible.

Danisa Kaniaru

IT Specialist in Information Technology at Asociación de Internautas (51-200 employees)

Vetted Review

4 years of experience

Great SIEM

Rating: 8 out of 10

Incentivized

December 22, 2025

Use Cases and Deployment Scope

Microsoft Sentinel is utilized as our SIEM for all security event processing. This includes data from our on premise servers to the flow logs in our cloud environments. It provides us with a central way to correlated events and quickly gain contextual data on events taking place in our network. The Microsoft Security dashboard gives analysts a easy to use launch point to dive deeper into any alerts generated.

Pros

Cost
Easy M365 Data Ingestion
Central Management

Cons

Onboarding Instructions
More Third Party Use Cases
Additional Default Dashboards

Likelihood to Recommend

Microsoft Sentinel is a great choice for any customer who is entirely rooted in the Microsoft and windows environments. Sentinel has many data connectors to quickly get most log sources connected, but if you utilize various third party SaaS applications it may be difficult to ingest the data into Sentinel and it may not be the best pick for you.

Verified User

Manager in Information Technology (201-500 employees)

Vetted Review

2 years of experience

How I use Microsoft Sentinel to keep up in a Multi-client SOC

Rating: 7 out of 10

Incentivized

December 16, 2025

Use Cases and Deployment Scope

We support a mix of enterprise clients: banks, retail chains with weird legacy systems. So Microsoft Sentinel helps us wrangle all their logs into one place without losing our minds. My main day to day is triaging incidents coming from Microsoft Sentinel analytics and running KQL queries.

Pros

We get clean unified views across multiple clients
Built in hunting queries and analytics

Cons

As a junior analyst, I've struggled a lot with the learning curve. I had to pull off all-nighters at the start, just to wrap my head around Microsoft Sentinel

Likelihood to Recommend

I've learned to work around the automation and dashboards but I still stumble sometimes on writing the right KQL queries. It's a fit for anything to do with hunting, correlation and auto enrichments. You'll occasionally get overwhelmed with the alert storms. It's not Microsoft Sentinel's fault but it does require careful triage.

Kiera Lille

Junior SOC Analyst in Information Technology at Quantum Flairs (501-1000 employees)

Vetted Review

1 year of experience

One tool to oversee it all

Rating: 8 out of 10

Incentivized

December 11, 2025

Use Cases and Deployment Scope

Complex technological landscapes demand an orchestation tool to collect all the inputs, equalize the different formats and languages, and present the information in a way that is usefull to know what is happening. Microsoft Sentinel help us to look in one place, correlate, make zoom in and out and finally understand the action within our organization in such way that we can take action if needed

Pros

Correlate
Unify formats
Report

Cons

Native integrations
Visual presentation
Initial setup

Likelihood to Recommend

I can only speak from my perspective, that is really positive. We have a complex landscape, with multiple platforms, different Operative Systems, in extended time zones, and has proof to be a great fit. In a simpler scenario, with fewer and homogenous sources, probably you could find a more afordable tool.

Verified User

Manager in Information Technology (10,001+ employees)

Vetted Review

3 years of experience

My Experience With Microsoft Sentinel

Rating: 9 out of 10

Incentivized

November 18, 2025

Use Cases and Deployment Scope

We use Microsoft Sentinel as our primary SIEM solution and also for SOAR (Security Orchestration, Automation, and Response) and it has been working well. The tool enhances threat detection thanks to the advanced AI features and it has greatly enhanced our security preparedness and operations. The software not only detects threats but automatically responds to threats thereby streamlining remediation. The real-time response to threat makes it easy to secure and block threats before they can cause harm.

Pros

AI-powered threat hunting.
Automatic response to threats.
Offers real-time response to threats across clouds.
It is a great SIEM solution.
Works in Multi-cloud and hybrid environments.

Cons

Sometimes we get false positives.
Not the most affordable.

Likelihood to Recommend

If you business is looking for a SIEM or SOAR solution, I recommend Microsoft Sentinel. It is well equipped, works in multi-cloud environment and comes with AI powered threat hunting. In addition, the real-time automated response to threat ensures business systems are fully protected and I recommend it.

Chloe Duloue

IT Manager in Information Technology at AOC Blaye Côtes de Bordeaux (51-200 employees)

Vetted Review

4 years of experience

Microsoft Defender Threat Intelligence

Rating: 10 out of 10

Incentivized

August 30, 2025

Use Cases and Deployment Scope

We use it to get an overview of our overall security posture and for an easy way to apply Microsoft best practices.

The main use of it is also to find and report phishing and bad actor emails that we receive in our organization.

It is very easy to open defender and immediately see if something has been compromised or if a certain user is not up to date with security standards.

Pros

Easy interface to immediately look at security posture
Many different tools to use and many blades of features
Email reporting

Cons

There is so many features that sometimes it is hard to find what you need as you need to dig deep and get redirected
There could be better training or more intuitive design
I do not like how I get redirected sometimes and if there are multiple accounts logged into the browser sometimes it opens the wrong account and I get stuck in a loop that I must sign out of all accounts and try again

Likelihood to Recommend

If you are already using Entra ID and the Microsoft Suite is it very easy to use Microsoft Defender Threat Intelligence as it is built-in. For example, when looking at emails that are reported as phish, you can easily open up Defender and report the email to Microsoft with the click of a button with no additional work.

Verified User

Technician in Information Technology (1-10 employees)

Vetted Review

2 years of experience

Microsoft Sentinel feels so futuristic

Rating: 8 out of 10

Incentivized

July 23, 2025

Use Cases and Deployment Scope

Microsoft Sentinel is used as log management and SIEM tool , the tool replaces legacy on prem SIEMs having all your logs in the cloud.

the tool solves security monitoring and threat hunting problems.

it also enables an integrated automation solution (logic apps) from within the solution it self .

the connectors (log source integrations )usually comes with multiple detection rules and dashboards

Pros

Very good UI
Very good support to MS log sources
Good Threat hunting module
Automation through logic apps

Cons

Having less rapid changes of terminologies
Having less rapid changes in documentation
Having better documentation for connectors

Likelihood to Recommend

A cloud environment with good amount of MS solution.

No regulations that prevent from having the logs on the cloud.

having engineers with kql expertise.

its also provide a very flexible pricing structure where you can increase your allocated MPS as you go , so its suited if the environment is still not sure how much they went to invest into a SIEM solution

Mohamad Islam Hamadieh

SOC Engineer in Engineering at Dell technology (10,001+ employees)

Vetted Review

5 years of experience

View profile

Well done Microsoft Sentinel - great Product

Rating: 9 out of 10

Incentivized

July 14, 2025

Use Cases and Deployment Scope

Its integrated into a SOC to provide real-time visibility, reduce alert fatigue, and improve mean time to resolution (MTTR) - which we are achieving via custom playbooks. Monitor login activities, network traffic, and endpoint behavior to detect anomalies like brute-force attacks or compromised accounts. We have also found that our posture improved by 30% within the first month.

Pros

Single pane view to monitor and respond
Easy way to do Threat hunting
ease of investigating findings

Cons

More templates for customers
Cost is an issue - complex licensing
Bring the community more into the ecosystem

Likelihood to Recommend

Microsoft Sentinel excels in centralized monitoring, AI-driven threat detection, and automation, but improvements in cost transparency, user experience, third-party integrations, and support for emerging technologies could make it even more effective. Addressing these areas would enhance its appeal for small-to-medium businesses, large enterprises, and organizations with complex or specialized IT environments.

Verified User

Consultant in Information Technology (201-500 employees)

Vetted Review

6 years of experience

Smart features that save time

Rating: 9 out of 10

May 23, 2025

Use Cases and Deployment Scope

We track all our systems to protect them from any threats with Microsoft Sentinel. Before Microsoft Sentinel, it was challenging to monitor our systems and fix security issues and threats fast and in time to keep our data safe. Faster alerts are easy to obtain, and we can react and correct them more quickly to protect our data.

Pros

Keeps Everything in one place
Smart threat detection
Automatic response to threats
Clear visuals and reports

Cons

Setting up automation is complicated
Too many alerts at first
complicated permissions setup

Likelihood to Recommend

We use it because when a user sees the suspicious activity on his account, Microsoft Sentinel gives alerts to the user's system and the admin system as well. When a user of one of our systems clicked a spam email, that email was trying to install a virus on our server, but Microsoft Sentinel gave an alert to the user and admin both, so that is why our team was able to fix that issue with Microsoft Sentinel very fast. However, it will not be the best option for you if your team is utilizing every feature but you are on a tight budget.

Ian Stuebe

Project Manager in Information Technology at Apex Warehouse Systems (51-200 employees)

Vetted Review

3 years of experience