We use Microsoft Sentinel to boost our cybersecurity. It is our primary SIEM and SOAR solution, and it's reliable for detecting, investigating, responding to, and remediating cyber threats across our multi-cloud environments. It has greatly increased our security operations by effectively reducing false positives and centralizing security logs.
Pros
AI powered threat detection increases accuracy.
It automatically responds to threat incidents.
Proactive threat hunting adds a layer of security.
Comes with great threat intelligence features.
Makes monitoring and visualization easy.
Cons
We have experienced improper tiering.
Limited integration with non-Microsoft ecosystems.
Likelihood to Recommend
I recommend Microsoft Sentinel, but only to businesses already using Microsoft solutions. It offers great features as a SIEM and SOAR solution, keeping business infrastructure protected from all manner of cyber threats.
We are a Microsoft customer; Azure is our cloud platform of choice, but we're invisible to what's happening in the cloud. We have no developers going and doing their thing, their spin-up applications. We don't have the visibility of what is going on. What Microsoft Sentinel brings us is visibility, at scale, and helps us identify issues that we should focus on. We can either bring all that data in-house and do our own stuff, or we leave it in the cloud and basically leverage Microsoft Sentinel at scale.
Pros
It's the scale. Having built-in detections and vulnerabilities and the ability to see into the traffic flows is absolutely key. Look at it from my perspective as network security. We want to see what's going on east, west, between all the kinds of subscriptions and the tenants. We don't have that. We don't have that with any other product. Microsoft Sentinel gives us that kind of visibility.
Cons
It's hard to pinpoint anything that's wrong with it. The only thing is the cost. Everyone wants stuff cheaper, right? Because the product itself is hard to find flaws in, it does exactly what it says it does. I'd love to use it more, but the cost is too expensive, so you have to use it in specific use cases to drive down the cost. If you could open the floodgates, then you would basically use it more.
Likelihood to Recommend
Specifically for Microsoft Sentinel, it's going to have next to no value if you're not on Azure. You have to be an Azure customer. If you want greater insight into what is going on in your cloud environment, turn Microsoft Sentinel on, but focus on where you enable it. You're not going to turn it on to see everything; focus on the areas where you are at risk or you believe you're at risk. Depending on your environment, do you have multiple subscriptions? Do you have a Microsoft Sentinel subscription that you just turned on, but it's not getting the visibility? Then you can alert on stuff that goes out of trend, etc.
Verified User
C-Level Executive in Information Technology (10,001+ employees)
We use Microsoft Sentinel as a fully managed Security Operations Center (SOC) service across all of its core capabilities. It serves as the central platform for managing security incidents across multiple customer environments. Our use of Sentinel includes continuous monitoring, incident triage and management, threat investigation, and coordinated response activities. This approach helps us deliver scalable, multi-tenant security operations, improve visibility across diverse environments, and provide timely, consistent detection and response to our customers.
Pros
Strong integration with the Microsoft security ecosystem allows seamless connection to services such as Microsoft Defender, Microsoft 365, and Azure. This makes it easy to bring together identity, endpoint, and cloud signals to support investigation and detection scenarios.
Effective correlation of alerts and incidents in collaboration with Microsoft Defender XDR helps combine related signals into higher-fidelity incidents. This reduces noise and improves visibility into attack context, making investigations more efficient.
High scalability for data ingestion and processing enables large volumes of security telemetry to be handled efficiently.
Cons
An area for improvement is how case management is surfaced within the Microsoft Sentinel experience, as clearer integration into Sentinel workflows would reduce context switching and improve incident handling.
There is an opportunity to further expand agentic, autonomous investigation and response capabilities.
Likelihood to Recommend
I would recommend Microsoft Sentinel to customers who are invested in the Microsoft ecosystem and Azure, where it integrates well with existing security tools and enables rapid, cloud-native deployment. It may be less appropriate for organizations that require a fully on-premises SIEM or have limited adoption of Microsoft cloud services.
Verified User
Team Lead in Information Technology (11-50 employees)
So we use Microsoft Sentinel for endpoint security. It gives us a lot of visibility, and that's been one of our key business problems. And the scope essentially just helps us secure all of our endpoints, and we have a large number of those.
Pros
One of the key features of the product is in terms of the patches. The patches are rolled out constantly, but they're rolled out in a phased manner, which some of the other companies don't necessarily do. And that has provided us with a lot of comfort and security. So, compared to a couple of years ago, when we had the CrowdStrike issue, we were not impacted because we use Microsoft Sentinel rather than CrowdStrike. And CrowdStrike did a whole blast upload of their patch, where Microsoft Sentinel doesn't do it that way.
Cons
Microsoft has a lot of products. And I think some of these products in certain areas may overlap. So maybe some room for improvement is to deduplicate some of the overlap areas and make some of the products simpler to use.
Likelihood to Recommend
It's well-suited in large organizations because there's a large number of products that we use, and a lot of them can be compatible. So everything from email to Teams to AI-powered tools to cyber protection and cloud. So all of these things can work sort of seamlessly, and therefore, it's well-suited to large organizations.
Verified User
Director in Information Technology (10,001+ employees)
So generally, we use it for the entire data correlation in the Microsoft ecosystem. We are a user of Microsoft's Entra ID, Microsoft Intune, and Microsoft Defender for Info. For all these services, the generated logs would go to Microsoft Sentinel for our end-to-end security.
Pros
It's mainly the data correlation. For example, in the Microsoft ecosystem, Microsoft Entra ID is a primary component of the authentication and authorization mechanism. So whenever you're using tools like Microsoft Intune, Defender for Endpoint, Entra ID is the key signal, right? So Microsoft Sentinel correlates the logs from all these devices and services very well, so I can see a very detailed attack shape to figure out what's going on.
Cons
I think it's primarily going to be cost, since Microsoft Sentinel uses Microsoft Log Analytics as its base, right? So storing the logs and log retention is very expensive. That might result in users not adopting it as quickly. Second, I think Copilot for security can just do summarization and not many remediation tasks. In the future, we would like to see Copilot create many playbooks, including all box playbooks, to remediate many security issues.
Likelihood to Recommend
I think for standalone data and a lot of complex ETL inside Microsoft Sentinel, I would not recommend it that much because I still think that the log parser needs to do a lot of work. And the best-case scenarios are, of course, if you are in a Microsoft ecosystem and very highly invested in a suite of Microsoft security tools and products, Microsoft Sentinel is your best fit.
Verified User
Vice-President in Information Technology (1001-5000 employees)
We use Microsoft Sentinel as our primary SIEM. We have many cloud applications that generate a lot of logs. We ingest all of those in Microsoft Sentinel. From there, we use other technologies to alert us.
Pros
Microsoft Sentinel integrates really well with SAP Rise, which is our ERP solution.
Cons
I would like to see some alerting options right in Microsoft Sentinel. For example, we have to use applications like PagerDuty and whatnot to then alert us on our cell phones. I wish Microsoft Sentinel would have that out of the box.
Likelihood to Recommend
I think any company that uses SAP in the cloud does so because of SAP Rise. SAP influenced how Microsoft Sentinel integrates with SAP. I think for anyone who uses SAP, Microsoft Sentinel is a great product. And people who do not use your XDR, it's really hard for them to start using Microsoft Sentinel. For example, if someone uses CrowdStrike, it's really contradictory for them to justify using Microsoft Sentinel. I think that's where it's probably less appropriate.
We use Microsoft Sentinel to boost our security, and it works amazingly well. It is our primary SOAR and SIEM solution, ensuring we have the best visibility into our security operations. With the tool in place, detection and responding to threats is easy thanks to its AI capabilities. In addition, it boosts our security by making it easy to collect data from all users, devices, and applications for threat analytics. Finally, it integrates with Microsoft products for better protection and management.
Pros
It works well as a SIEM and SOAR solution.
It comes with amazing AI threat detection capabilities.
It works across on-premises and multi-cloud environments.
It offers automated threat response.
Works well when it comes to threat analytics.
It supports integrations more so with Microsoft products such as MS Azure.
Cons
So far Microsoft Sentinel has been awesome. No serious challenges to list.
Likelihood to Recommend
I recommend Microsoft Sentinel for effective threat detection and response. It is a great SIEM and SOAR solution for businesses, and we have used it effectively, which is why I recommend it. Since it works across on-premises and multi-cloud environments, it is ideal for businesses of all sizes. Being AI-equipped and its ability to handle threat analytics make it irresistible.
Microsoft Sentinel is utilized as our SIEM for all security event processing. This includes data from our on-premises servers to the flow logs in our cloud environments. It provides us with a central way to correlate events and quickly gain contextual data on events taking place in our network. The Microsoft Security dashboard gives analysts an easy-to-use launch point to dive deeper into any alerts generated.
Pros
Cost
Easy M365 Data Ingestion
Central Management
Cons
Onboarding Instructions
More Third Party Use Cases
Additional Default Dashboards
Likelihood to Recommend
Microsoft Sentinel is a great choice for any customer who is entirely rooted in the Microsoft and Windows environments. Sentinel has many data connectors to quickly get most log sources connected, but if you utilize various third-party SaaS applications, it may be difficult to ingest the data into Sentinel, and it may not be the best pick for you.
Verified User
Manager in Information Technology (201-500 employees)
We support a mix of enterprise clients: banks, retail chains with weird legacy systems. So Microsoft Sentinel helps us wrangle all their logs into one place without losing our minds. My main day-to-day is triaging incidents coming from Microsoft Sentinel analytics and running KQL queries.
Pros
We get clean, unified views across multiple clients.
Built-in hunting queries and analytics.
Cons
As a junior analyst, I've struggled a lot with the learning curve. I had to pull off all-nighters at the start, just to wrap my head around Microsoft Sentinel.
Likelihood to Recommend
I've learned to work around the automation and dashboards, but I still stumble sometimes on writing the right KQL queries. It's a fit for anything to do with hunting, correlation, and auto-enrichments. You'll occasionally get overwhelmed with the alert storms. It's not Microsoft Sentinel's fault, but it does require careful triage.