Trace Id is missing
Skip to main content
Microsoft Security
A top-down view of a person working at their desk.

Microsoft Sentinel

See and stop cyberthreats across your entire enterprise with intelligent security analytics.

Introducing a unified security operations platform

Move faster with Microsoft Sentinel and Defender XDR, a security operations (SecOps) platform that brings together the capabilities of extended detection and response (XDR) and security information and event management (SIEM).

Build next-generation SecOps

Uncover sophisticated cyberthreats and respond decisively with an easy and powerful SIEM solution, built on the cloud and enriched by AI.

Help protect your digital estate

Secure more of your digital estate with scalable, integrated coverage for a hybrid, multicloud, multiplatform business.

Empower your security teams

Optimize your security operations center (SOC) with advanced AI, world-class security expertise, and comprehensive threat intelligence.

Detect, investigate, and respond effectively

Stay ahead of evolving cyberthreats with a unified set of tools to monitor, manage, and respond to incidents.

Lower your total cost of ownership

Get started faster while reducing infrastructure and maintenance with a cloud-native software as a service (SaaS) solution.

See what's possible with a next-generation SIEM enriched by AI, automation, and threat intelligence.

Microsoft Sentinel capabilities

A content hub in Microsoft Sentinel.

Collect data at cloud scale

Easily connect your logs with Microsoft Sentinel using built-in data connectors—across all users, devices, apps, and infrastructure—on-premises and in multiple clouds.

An overview of Microsoft Sentinel showing alerts, anomalies, and activities on a timeline.

Stay ahead of cyberthreats

Gain more contextual and behavioral information for cyberthreat hunting, investigation, and response using built-in entity behavioral analytics and machine learning.

A multi-stage incident investigation in Microsoft Sentinel.

Streamline investigation with incident insights

Visualize the full scope of a cyberattack, investigate related alerts, and search historical data.

A list of playbook templates for automation in Microsoft Sentinel.

Accelerate response and save time by automating common tasks

Triage incidents rapidly with automation rules and automate workflows with built-in playbooks to increase SOC efficiency.

Back to Tabs

Microsoft Copilot for Security is now generally available

Use natural language queries to investigate incidents with Copilot, now with integrations across the Microsoft Security suite of products.

Unified security operations platform

Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).

Animation of microsoft defender dashboard homepage

Unified portal

Detect and disrupt cyberthreats in near real time and streamline investigation and response.

Back to tabs

Modernize your SOC with Microsoft Sentinel

Microsoft Sentinel delivers an intelligent, comprehensive SIEM solution for cyberthreat detection, investigation, response, and proactive hunting.

Video container
A person using a tablet to view the e-book titled Empower Your Security Team with a Modern Operations Center

Empower your security team with a modern SOC

Learn how to automate time-consuming tasks, get a clear view of your digital estate, and improve your security posture with a modern SIEM.

Discover The Total Economic Impact™ of Microsoft Sentinel

The Total Economic Impact™ of Microsoft Sentinel

Study found decreased total cost of ownership and 234% return on investment with Microsoft Sentinel.1

A speaker giving a presentation

The Total Economic Impact™ of Microsoft SIEM and XDR

Read this commissioned study conducted by Forrester Consulting to learn how Microsoft SIEM and XDR provide cost savings and business benefits.2

A person giving a presentation

Industry recognition

Microsoft Security is a recognized industry leader.

See what our customers are saying

Related products

A person working at their desk with multiple screens.

Azure Monitor

Collect, analyze, and act on telemetry data from your Azure and on-premises environments while maximizing the performance and availability of your applications.

A person with one eye closed smiling.

Microsoft Defender XDR

Prevent and detect cyberattacks across your Microsoft 365 workloads with built-in XDR capabilities.

Two people working together at a desk.

Microsoft Defender Threat Intelligence

Help protect your organization from modern adversaries and cyberthreats, such as ransomware.

A person working at their desk.

Microsoft Defender for Cloud

Help protect your multicloud and hybrid cloud workloads with built-in XDR capabilities.

Documentation and training for Microsoft Sentinel

Documentation

Get started using Microsoft Sentinel

Explore resources, best practices, and use cases to learn how to achieve more with Microsoft Sentinel.

Pricing

Explore Microsoft Sentinel pricing options

Get a cost-effective, cloud-native SIEM solution with predictable billing and flexible pricing options.

Blog

See the latest Microsoft Sentinel innovations

Learn how to safeguard your enterprise against advanced cyberthreats with intelligent security analytics.

Protect everything

Make your future more secure. Explore your security options today.

Frequently asked questions

  • Microsoft Sentinel is a modern, cloud-native SecOps platform that provides next-generation SIEM and security orchestration, automation, and response (SOAR) to help you proactively protect your digital estate. Collect data at scale, detect breaches and anomalies, investigate cyberthreats, and remediate issues with this single solution.

    Empower your security teams to rapidly hunt and resolve critical cyberthreats with Microsoft Sentinel.

    Learn more

  • Azure Sentinel was renamed Microsoft Sentinel to reflect the breadth of the product's capabilities and provide protection across multiple cloud solutions.

  • Microsoft Sentinel provides SIEM and SOAR capabilities in one solution.

  •  Microsoft Defender XDR is an XDR solution that provides security across your multiplatform endpoints, hybrid identities, emails, collaboration tools, and cloud apps. It uses incident-level visibility across the cyberattack chain, automatic cyberattack disruption, and unified security and access management to accelerate the response to sophisticated cyberattacks. Tools like Microsoft Sentinel complement these capabilities with SIEM and SOAR to ingest logs from across an organization’s entire digital estate, providing further automation and response and cyberthreat-tracking capabilities across systems.

  • Microsoft Sentinel is a separate offering from Microsoft Defender XDR, but customers using both products get a unified experience with a single view for features such as the incident queue and advanced hunting. This combination brings customers a solution that builds on the best of SIEM and XDR, delivering the most efficient security operations tools.

  • [1] The Total Economic Impact™ Of Microsoft Sentinel, A Forrester Consulting Total Economic Impact™ Study Commissioned by Microsoft, March 2023.
  • [2] The Total Economic Impact™ Of Microsoft SIEM and XDR, A Forrester Consulting Total Economic Impact™ Study Commissioned by Microsoft, August 2022.
  • [3] KuppingerCole Analysts, Leadership Compass: Security Orchestration Automation and Response (SOAR), Alejandro Leal, January 30, 2023.
  • [4] The Forrester Wave™: Security Analytics Platforms, Q4 2022, Allie Mellen with Joseph Blankenship, Caroline Provost, Kara Hartig, December 14, 2022.
  • [5] KuppingerCole Analysts, Leadership Compass: Intelligent SIEM Platforms, Alexei Balaganski, January 20, 2022.

Follow Microsoft Security