Microsoft Sentinel Blog
5 MIN READ

How Microsoft’s leading SIEM is getting even better

aklausner
Microsoft
Nov 19, 2024

As we approach Microsoft Ignite 2024, we want to share the significant advances made by the Microsoft Sentinel team, reflecting our commitment to listening and delivering industry-leading innovation for our customers.

Microsoft Sentinel, our AI-powered Security Information and Event Management (SIEM) solution, continues to lead the way on security team priorities: streamlining security operations, improving threat detection, and optimizing costs. In this post, we’ll explore these key improvements and how they empower the SOC to achieve greater security outcomes against ever-evolving threats.

Read on to learn more about what's new with Microsoft Sentinel, and tune in to our session at Ignite, in person or streaming on 11/20; check out our session here.

Microsoft’s Established Leadership in SIEM Innovation

Microsoft Sentinel has firmly established itself as a leader in the SIEM space. Serving over 25,000 customers, Microsoft Sentinel has been recognized as a SIEM leader in industry reports by Gartner, Forrester, and IDC. Most recently, Microsoft Sentinel was named a 2025 Buyers Choice winner by TrustRadius for Security Information and Event Management. This leadership is a testament to our commitment to security innovation, ensuring that our customers receive a comprehensive and effective security operations platform.

Microsoft’s Unified Security Operations Platform: A Seamless Experience

New! We are excited to announce that Microsoft Sentinel customers, regardless of whether they are using any Microsoft Defender XDR workloads, can now easily access and take advantage of Microsoft’s unified security operations platform in the Defender portal. We are also expanding access to customers using our GCCH and DoD clouds.

For customers interested in trying out the new experience, go to security.microsoft.com and follow the wizard to onboard a Microsoft Sentinel workspace. Your experience in Azure will continue to be available and supported.

This new experience will allow Microsoft Sentinel customers to benefit in several ways including:

  • Enhance protection: An enhanced, XDR-powered correlation engine with out-of-the-box detection rules that help increase the accuracy and speed of correlation across XDR, SIEM logs and threat intelligence by 50%. Customers can benefit from this whether or not they have a Defender XDR license.
  • Move faster: An embedded Security Copilot experience for Microsoft Sentinel customers using Copilot.
  • Save money: Cost savings for Microsoft Sentinel customers using Defender XDR, eliminating the need to ingest XDR data to correlate incidents or perform advanced hunting for 30 days.

Learn more about what’s new with the unified security operations platform here.

Simplifying Data Onboarding Across Digital Estates

As organizations expand, onboarding disparate security data sources can be time-consuming and complex. Microsoft Sentinel has made this easier by investing in new out-of-the-box connectors, codeless custom connectors, and enhancements to the search experience for content discovery.

  • New! Expanding out-of-the-box coverage: Over the last year, we’ve added many new connectors and solutions and enhanced many of our existing ones, helping our customers get set up more easily to bring in data from across their digital estate. Learn more here.
  • New! Improved search in Content Hub: Enhanced search leveraging AI will allow customers to discover which of the over 400 solutions will be most relevant to their organization’s needs.
  • New! Enhancements to SAP and MS Business Applications: We have multiple updates to the Microsoft Sentinel Solution for SAP, including the introduction of an agentless connector, which cuts deployment time from weeks to as little as two hours. We’ve also introduced coverage for RISE with SAP infrastructure-level monitoring. Customers using both Microsoft Sentinel and Defender XDR to protect SAP environments will gain additional new capabilities, such as incident enrichment with SAP insights and activities as well as research-based protection against SAP data theft scenarios. As part of Microsoft Sentinel’s ecosystem expansion strategy, we also launched native integration with SAP Enterprise Threat Detection, maximizing synergistic value for joint customers.
  • New! The Microsoft Sentinel solution for MS Business Applications is coming to public preview this week, unifying the Microsoft Sentinel solutions for Dynamics 365 CE Apps, Dynamics 365 F&O and Power Platform, and providing threat protection across customers’ MS Business Applications digital estate.

Managing Security Data Costs with Cloud Flexibility

With growing digital ecosystems, managing security data and its costs is a critical concern for many organizations. Organizations are generating vast amounts of data, and managing this data efficiently while maintaining robust security controls can be challenging. Microsoft Sentinel recently announced ways to address these challenges with new, cost-effective data management features that provide the flexibility needed to handle high volumes of data without compromising on security. These enhancements empower customers to balance their operational needs with cost efficiency, ensuring comprehensive security coverage without overspending.

  • Recently announced! Auxiliary Logs: Store and query large volumes of non-critical data at a fraction of the cost. See the blog here for more details.
  • Recently announced! Summary Rules: Aggregate alerts from Auxiliary Logs into summarized insights that can be routed to Analytics Logs. This optimizes data flexibility, ensuring comprehensive security coverage without overspending. Learn more here.
  • SOC optimization provides tailored recommendations to help security engineers streamline operations, improve protection and reduce costs. Since its launch last year, we’ve seen customers improve their protection by 17%* and reduce unused data by up to 30%*. Learn more about how SOC optimization and its API can help your organization.

Expanding Threat Intelligence Capabilities

Detecting threats early and accurately is crucial for effective security operations. Microsoft Sentinel leverages artificial intelligence, our unparalleled in-house threat intelligence and research, and a customer’s third-party threat feeds to provide a more proactive and precise approach to threat detection.

  • Recently announced! Automatic Enrichment of Network Data Logs: DNS and Network Session logs that are normalized through our Advanced Security Information Model are now automatically enriched with Microsoft threat research. This helps customers discover IoCs within their logs through Microsoft’s proprietary insights, value they can only get when using our threat protection products.
  • Coming soon! Additional threat intelligence dimensions for advanced hunting: We will be adding new threat intelligence dimensions for advanced threat hunting, allowing customers to ingest and curate new STIX objects and enhance their analytics rules to trigger targeted alerts on threat actors and attack patterns.

Leveraging Security Copilot to empower the SOC

Security Copilot provides analysts with automated recommendations, triage assistance, and routine task automation. Our most recent research finds that adoption of Security Copilot can lead to a 30% reduction in the mean time to respond (MTTR). We continue to invest in Copilot capabilities to enhance their impact and effectiveness in the SOC for Microsoft Sentinel customers. Some innovations include:

  • Coming soon! Incident summary embedded in the Microsoft Sentinel Azure portal: For customers that aren’t ready to use the new unified security operations platform experience but want to leverage Copilot in their Microsoft Sentinel investigations, we will soon make incident summaries available in the Azure portal.
  • Recently announced! UI enhancement: You can now keep the embedded Copilot side panel in the unified SecOps platform experience open or closed according to your preference.

Learn more about what’s new with Security Copilot in the SOC here, and for a broad look at Copilot see here.

Getting Started with Microsoft Sentinel

Help us shape the future of Microsoft Security products by joining our community!

Members of the Customer Connection Program (CCP) have the opportunity to provide feedback directly to engineering as well as engage with other customers and partners. You will also be able to share your insights and feedback on key features, workflows, concerns, and timelines. Your participation will help us build the right product from the start, align with your strategic goals, and accelerate adoption: aka.ms/joinccp

See Microsoft Sentinel in action

Check out our latest Mechanics video, which showcases some of the latest innovations in Microsoft Sentinel.

*based on Microsoft internal research

Updated Nov 26, 2024
Version 3.0