
Reddit Scout

Discover reviews on "microsoft sentinel" based on Reddit discussions and experiences.

Last updated: February 26, 2026 at 08:35 PM

Reddit Comments Summary on "Microsoft Sentinel"

Microsoft Sentinel Pricing and Licensing

  • Users report confusion with Microsoft Sentinel's licensing and pricing models, which makes forecasting and planning challenging.
  • Nonprofit organizations faced confusing licensing and CSP issues with Microsoft Sentinel, but found success by switching to a CSP with better security understanding and starting small with core logs.
  • Pricing for Microsoft Sentinel is based on log ingestion and log retention, with costs varying based on the type of security data ingested and retained.
  • A user mentioned they took the initiative to get pricing info for Sentinel but opted for their current SIEM vendor due to better renewal pricing.

Microsoft Licensing and Integration Challenges

  • Some users highlighted difficulty in achieving full integration with Microsoft products and the complexity of tying all products together.
  • Microsoft's knowledge base and licensing are perceived as purposely confusing to compel users to engage consulting firms.
  • Integrating Microsoft Sentinel can be challenging for small organizations, especially due to costs and complexities.

User Experiences with Microsoft Sentinel

  • Some users expressed frustration with Sentinel's licensing, cost, query language, SOAR capabilities, integrations, and the underwhelming experience with Lighthouse.
  • Learning Sentinel/Defender is perceived as more challenging compared to other platforms by new analysts.
  • Sentinel is noted as not being well-suited for small shops, unless significant resources are available.
  • Setting up Playbooks in Sentinel seems to be a challenging task for users.
  • Navigating costs and pricing in Sentinel can be complex, especially when evaluating options like data lake versus normal retention.

Alternative Security Platforms

  • Rapid7 is praised for being more straightforward to deploy and for having good MDR add-ons, with strong support experiences.
  • Users reported positive experiences with Rapid7's Log Management and Threat Detection.
  • Comparisons between Sentinel, Splunk, Chronicle, and LogRhythm were made in terms of speed, user-friendliness, interfaces, effective parsing, and flexibility.
  • Siemplify/Chronicle was described as a failed product by some users, with difficulties in implementation and overall satisfaction.

Geolocation and Conditional Access

  • Suggestions for geolocation tracking include using Conditional Access to block access from outside certain countries or using hardware 2FA tokens with GPS access.
  • Issues with user location tracking and the challenges of ensuring accuracy and compliance with legal requirements were discussed.
  • Methods to implement geofencing and enhance location restrictions for remote work scenarios were mentioned, including hardware and software solutions.

These summaries cover various aspects of Microsoft Sentinel, including pricing, user experiences, integration challenges, and comparisons with other security platforms and geolocation tools.
