Microsoft Sentinel Blog

A third-party connector integrating Claude with Microsoft Sentinel is now available

mcasgrain (Microsoft)
Apr 01, 2026

Security teams are increasingly exploring how AI assistants can support them in investigating incidents, asking questions, and exploring their data. At the same time, controlling how data is accessed remains critical. Today, we’re sharing how Sentinel can support a third-party AI assistant like Claude through a new integration approach using Sentinel’s Model Context Protocol (MCP) server, while continuing to rely on Microsoft Entra ID for enterprise-grade authentication and access control. This approach uses Microsoft Sentinel with Entra ID to let third-party AI tools access Sentinel data.

Why this matters

Sentinel customers can explore security data using natural language to assist investigations, while preserving strict tenant isolation and access controls, without managing app registrations or shared secrets. Third-party AI assistants like Claude can access Sentinel through Microsoft’s existing security infrastructure. When a query is made, the assistant calls the Sentinel MCP server, which enforces authentication via Entra ID before returning data. This third-party connector is now available. Click here for detailed guidance.


Updated Apr 10, 2026
Version 2.0

7 Comments

    • Amol_Dixit (Microsoft)

      Thanks for reporting BenStegink​. We have fixed the documentation to include correct permissions. Please let us know if you hit any other issues.

      • BenStegink (Steel Contributor)

        Amol_Dixit I'm still having additional issues getting it working. Once I configured all the API permissions and try connecting from Claude, I get the OAuth consent flow for the AI permissions. Once I accept for the org (I'm a global admin), I get the following error in Claude:


        If I try to go through the connection again, I just get stuck in a loop of having to go through the OAuth flow followed by a failure in Claude.


        If I look in Entra, I'm seeing successful logins, so it looks like everything is successful. So there appears to be some issue with the handoff back to Claude. I feel like if this was a widespread issue, more people would be commenting about it, but I also can't find where the issue might be after poring over this.

         

  • pvshetty1 (Copper Contributor)

    On the APIs my organization uses tab, search for Platform Services, but I am unable to see Platform Services listed here. Is anyone facing this issue? Kindly help.

    • Amol_Dixit (Microsoft)

      Thanks for reporting pvshetty1. We have fixed the documentation to include correct permissions. Please let us know if you hit any other issues.

  • john66571 (Iron Contributor)

    Fun stuff!
    But I'm very confused - how is this strict tenant isolation exactly? You are piping the data into Anthropic's servers (Claude).
    No security-minded operation would ever pipe their own company's (or customers') data into any open model. As there is no mention here of self-hosted models or isolated versions, one would assume the masses would read this article and enable Sentinel MCP in their current IDE (VS Code in most cases) and just let it rip.

    The only thing mentioned is authentication for your tenant. However, the model will still retrieve and process your data somewhere else than in your own tenant.
    Or does Sentinel MCP actually wash your data of PII and other regulatory protected data? (That is not mentioned in the article about Sentinel MCP.)

    • mcasgrain (Microsoft)

      That’s a great callout — and you’re right that Anthropic models are only hosted by Anthropic today. That’s just the current reality of how these models are made available in the market.