Likelihood to Recommend **Well Suited:**- **Enterprise Environments:** - Ideal for large-scale enterprise environments with a diverse IT infrastructure, offering comprehensive coverage across endpoints, networks, and cloud services.- **Integrated Microsoft Ecosystem:** - Excellently suited for organizations heavily invested in the Microsoft ecosystem, providing seamless integration with other Microsoft security tools and services.- **Proactive Threat Detection:** - Well-suited for organizations that prioritize proactive threat detection and response, leveraging advanced analytics and machine learning for early anomaly identification.- **Regulated Industries:** - Particularly beneficial for businesses in regulated industries, such as finance or healthcare, where compliance with stringent data protection regulations is crucial.**Less Appropriate:**- **Small Businesses with Limited Resources:** - Might be less appropriate for small businesses with limited resources or those with a simpler IT infrastructure, as the comprehensive features may exceed their specific needs.- **Highly Specialized Security Requirements:** - In scenarios where a business has highly specialized security requirements that necessitate specific, niche solutions, Microsoft Defender XDR might be less flexible compared to specialized security tools.- **Non-Windows Environments:** - Less appropriate for organizations predominantly using non-Windows operating systems, as it is optimized for integration within the Microsoft ecosystem.- **Organizations with Strict Bandwidth Constraints:** - In environments with strict bandwidth constraints, continuous monitoring and analysis by Defender XDR could potentially impact network performance.
Read full review Well, it's definitely suited to log in monitor most of the normal security infrastructure and collect security telemetry. It also extends well to Microsoft's entire suite with regards to data collection for things like Office 365, Power BI, power apps, and the like. It is also pretty good at collecting information from homegrown applications, especially if you're building in Azure.
Read full review Pros I am a huge fan of Microsoft Defender for Endpoint within Microsoft 365 Defender. It is one of the most professional and reliable EDR (Endpoint Detection and Response) tool out there providing excellent features like vulnerability management, baseline assessments, device discovery etc. Microsoft Defender for Office365 (Email Security) is yet another class apart product in this Microsoft 365 Defenderr stack. It is one of the easiest to use tools among all the other Microsoft security products yet at the same time offers such a wide variety of features like threat policies (anti-spam, anti-malware, anti-phishing etc.), attack simulation, message trace etc. Incident Management is the main USP of Microsoft 365 Defender due to which it can actually be considered as a true XDR. The intuitive and user-friendly UI, the very useful attack story view, broad classifications, automated investigation etc. etc. etc.; the list of awesome features just goes on. Read full review Sentinel is by far the most efficient tool in supporting the highest number of solutions and products when it comes to data connection (or ingestion) and that too in the least complex manner possible. Most of the data connectors in Sentinel are very easy to configure and deploy. Incident Management is undoubtedly one of the main USPs of Sentinel. With an easy-to-use UI, variety of utilities (adding tasks, manual triggering of playbooks, activity logs etc.) and provision of having an investigation map from the incident details page, Sentinel clearly stands out in this area. I personally love the feature of integrating 'Threat Intelligence' to Sentinel from a free and one of the most reliable sources, Microsoft itself. This not only saves time for an analyst in checking the reputation of an entity but also allows to take actions on the suspicious entities at earliest. Read full review Cons Setting up Microsoft 365 Defender integration with other tools or platforms might be challenging and require technical know-how. Improving its third-party security tools integration and simplifying the setup process would offer a smoother experience for security teams. A simpler way to improve security operations is by having a more cohesive way of detecting and responding to threats across different security solutions. Read full review It takes some time to learn how to use and install it properly, and it does not connect effectively with external PaaS systems such as Salesforce CRM, Salesforce Commerce Cloud, and so on. Microsoft can simplify the display of the logs to make them easier to study, and the user interface occasionally delays, which can also be enhanced. Read full review Usability Too complicated sometimes, doesn't explain the meaning of certain features or problems encountered.
Read full review The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
Read full review Support Rating Microsoft Support is really good in calls and uptime availability and they are helpful in understanding and fixing issues and reporting the bugs, also the first line support is amazing in fixing bugs and releasing the new patches.
Read full review Azure Sentinel is very easy to use and configure. If you are stuck somewhere, Microsoft support is excellent in assisting and solving your issue.
Read full review In-Person Training Good and hard to find someonme who can explain everything for you beside Microsoft they provide you everything you need.
Read full review Online Training Microsoft Provides a good training for the Microsoft 365 Defender and has a good learning paths to learn and take the exams and get your Certifications.
Read full review Alternatives Considered We used the MS XDR as this is a bundle that we bought when we subscribed to the M365 platform, so having it was a bonus as we stated earlier, but due to limitation on licenses in Sentinelone, having this is just a blessing for us, so we can reduce around 200 licenses and can utilize it for other users
Read full review The key advantage of using Sentinel lies in Microsoft already being a renowned name in cloud services. Hence, the Collection of data at the cloud scale across all users, devices, applications, and infrastructure, both on-premises and especially in the MS Cloud, is super easy. Additionally, leveraging Threat Intel from Microsoft itself gives a sense of security, given their years of experience in the collection of intel. The AI and Machine learning features provided by MS is one of the finest.
Read full review Professional Services Did not use professional services
Read full review Return on Investment Depending on the licensing you pay for, Defender is included and a great ROI cost wise In terms of time spent, Defender can be a large time suck but yield positive results for end users Generally, it pays to learn and train in Defender BEFORE there is a problem and you need to really use it. Read full review Less overhead on integration of cloud-native logging The KQL language is very helpful since it can be used for security and operational monitoring but as well for workbooks and dashboarding A large community developing solutions is very helpful for a quick adoption Read full review ScreenShots Microsoft Defender XDR Screenshots Microsoft Sentinel Screenshots