Introducing a Unified Security Operations Platform with Microsoft Sentinel and Defender XDR
Published Nov 15 2023 08:00 AM 66K Views

Introducing a Unified Security Operations Platform with Microsoft Sentinel and Defender XDR


Security teams are tasked with more responsibilities than ever before, and the complexity of today’s security tooling landscape doesn’t make their job any easier. They need to sift through vast amounts of data from various sources that can lead to slower threat response and resolution, increased time spent on learning new technologies, more integrations, and less comprehensive insights. Furthermore, managing the costs associated with data handling remains a significant challenge.


Microsoft is committed to empowering these teams by consolidating the multitude of tools necessary for protecting a digital estate into a single, effective solution powered by AI and automation. This addresses a key pain point in the cybersecurity industry: the need for protection of the entire digital estate and boosting SOC efficiency with simplified tooling experience and management.


Today, we enable SOC teams to build robust protection using Microsoft Defender XDR (formerly Microsoft 365 Defender), the market’s most comprehensive XDR platform. It provides unified visibility, investigation, and response across endpoints, hybrid identities, emails, collaboration tools, cloud apps, cloud workloads and data. Additionally, our cloud native SIEM solution, Microsoft Sentinel, offers unparalleled visibility into the overall threat landscape, extending coverage to every edge and layer of the digital environment. These experiences are natively integrated with bidirectional connectors, enabling security operations teams to benefit from the comprehensiveness and flexibility of the SIEM and the threat-driven approach of the XDR.


We believe it’s time to further unify the security toolkit for our customers and deliver a solution that will meet the needs of an increasingly complex security landscape.


SecOps tooling built for defenders.


Today we are announcing an exciting private preview that represents the next step in the SOC protection and efficiency journey by bringing together the power of Microsoft Sentinel, Microsoft Defender XDR and Microsoft Security Copilot into a unified security operations platform with one experience, one data model and unified features, all enhanced with more AI, automation, attack disruption and curated recommendations. The move to a unified security operations platform means a fully integrated toolset for defenders to prevent, detect, investigate, and respond to threats across every layer of their digital estate.  The platform blends the best of SIEM, XDR, and Threat Intelligence with advanced generative AI. This allows security teams to work more efficiently and effectively, heralding a transformation in security operations.


With this announcement we will deliver:


  • A Unified Platform. Comprehensive features across SIEM and XDR ensure better workflow, better results, and less work. We are bringing Microsoft Sentinel into the Defender portal, so that customers can now dramatically reduce tool switching, empowering them to build a more context-focused investigation that expedites incident response and stops breaches faster. We are unifying capabilities including single data model, advanced hunting and incident management. To participate, you must be part of our private preview community. Learn more here.

  • Embedded Security Copilot. To help analysts scale and uplevel their skills, Security Copilot capabilities are integrated into the unified SOC platform and exposed directly in Defender portal experience. Security Copilot harnesses AI to support analysts with complex and time-consuming daily workflows, including end-to-end incident investigation and response with clearly described attack stories, step-by-step actionable remediation guidance and incident activity summarized reports, natural language KQL hunting, and expert code analysis - optimizing on SOC efficiency across Microsoft Sentinel and Defender XDR data. Learn more about Microsoft Security Copilot.

  • Automatic Attack Disruption. The unified security operations platform is built to support a more automated SOC that better protects an organization’s assets. With AI and automated features across the lifecycle to ensure defenders keep their organizations safer. Microsoft Defender XDR customers may be familiar with automated attack disruption, which uses high-confidence signals collected from Microsoft Defender XDR to automatically disrupt active attacks at machine speed, containing the threat and limiting the impact. Now, we are extending these XDR capabilities to non-Microsoft data brought in through the SIEM, starting with SAP.

  • Tailored recommendations. The new SOC optimization feature will be available for Microsoft Sentinel customers in private preview, both in the unified SOC platform and in the Azure portal. New data ingestion analysis will provide recommendations to help manage costs, ensure value on all data ingested and better protect companies against threats. Tailored suggestions will be available to customers for things like recommended data log tiers, adding relevant content on top of data or ingesting new sources to protect against relevant threats. 


With these new capabilities, SOC teams can confidently protect their entire organization and all its components—including hybrid identities, endpoints, cloud apps, business apps, email and docs, IoT, network, business applications, OT, infrastructure and cloud workloads—with the only unified security operations platform that delivers full SIEM and XDR capabilities.


We are offering flexibility in how you adopt this new experience as every organization has its own unique needs, vendor journeys, and budget requirements. You can continue to use just the SIEM solution, just the XDR components, or maximize their benefits with SIEM and XDR together by joining the private preview. There is no change to the business model or the pricing of Microsoft Defender XDR and Microsoft Sentinel and organizations using both will continue to receive existing benefits.  Additionally, we are announcing a SIEM migration tool to further simplify and accelerate migrations to Microsoft Sentinel.


In line with our tradition of thoughtful progression, we are meticulously advancing towards consolidation, ensuring a seamless experience for our customers. We will progressively introduce new capabilities, making certain that this enhanced experience can cater to all our customers and address emerging use cases. The existing Microsoft Sentinel experience within Azure will remain available without any impact on operations, ensuring customers have an uninterrupted experience.


Empowering security operations to protect more, easily.


Some vendors deliver XDR, some deliver SIEM. Microsoft believes that customers will benefit most from a solution that harnesses the power of both to strengthen security posture and prevent attacks while providing more automation and intelligence.


We are committed to delivering the best AI with the most integrated experience and the broadest coverage of resources so you can defend at machine speed. Thank you for your continued partnership and invaluable input on this journey to deliver the most comprehensive threat protection to our global customers. To learn more about these announcements please make sure to tune into Ignite this week.


Learn More

Microsoft is committed to empowering our customers with modern security tools and platforms to enable critical protection for your organization and users. See additional resources below.


What else is new with Microsoft Sentinel?

Additional resources:

Version history
Last update:
‎Nov 19 2023 08:11 AM
Updated by: