{"id":6906,"date":"2021-06-17T07:27:01","date_gmt":"2021-06-17T14:27:01","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=6906"},"modified":"2026-04-03T12:55:07","modified_gmt":"2026-04-03T19:55:07","slug":"boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/","title":{"rendered":"Boosting Microsoft\u2019s response to cybersecurity attacks with Microsoft Sentinel"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"112\" class=\"size-medium wp-image-7498 alignright\" style=\"margin-top: 0px;\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/ms-digital-technical-stories-300x112.png\" alt=\"Microsoft Digital technical stories\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/ms-digital-technical-stories-300x112.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/ms-digital-technical-stories.png 500w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><em>We periodically update our stories, but we can\u2019t verify that they represent the full picture of our current situation at Microsoft. We leave them on the site so you can see what our thinking and experience was at the time<\/em>.<\/p>\n<p>Sometimes you outgrow the capabilities of a well-loved tool\u2014that\u2019s exactly what happened to Microsoft and its on-premises Security Information Event Management (SIEM) system. Thanks to a timely assist from Microsoft Sentinel, the company hasn\u2019t missed a beat.<\/p>\n<blockquote class=\"quote-body\"><p>Our old SIEM capped out at 10 billion events daily. 
We had already begun to leverage other solutions to keep increasing our security monitoring coverage.<\/p>\n<p class=\"source\">&#8211; Mei Lau, principal PM manager, Microsoft Security<\/p>\n<\/blockquote>\n<p>As an enterprise, Microsoft\u2019s footprint is massive. The company sees a lot of malicious traffic, which results in more than 20 billion cybersecurity events per day. This massive wave of noise was hard to sort through to find real threats\u2014until the company\u2019s internal security team turned to <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/azure-sentinel\/\" target=\"_blank\" rel=\"noopener\">Microsoft Sentinel<\/a>, which, thanks to the cloud and AI, has the power to keep up with that volume.<\/p>\n<p>\u201cOur old SIEM capped out at 10 billion events daily,\u201d says Mei Lau, principal PM manager for Microsoft Security, the organization that powers, protects, and transforms Microsoft. Lau is responsible for leading the migration of Microsoft\u2019s legacy SIEM to the cloud-based Microsoft Sentinel. \u201cWe had already begun to leverage other solutions to keep increasing our security monitoring coverage.\u201d<\/p>\n<p>Because running out of capacity could lead to a worst-case scenario, Lau\u2019s team works with the Microsoft Sentinel product group to test and pilot the new security monitoring system, which includes several time-saving and modern solutions that empower security analysts to connect to and query datasets quickly and easily.<\/p>\n<p>\u201cIngesting data into our legacy SIEM took hours,\u201d Lau says. \u201cIn Microsoft Sentinel, it takes around 10 minutes, which is 18 times faster.\u201d<\/p>\n<p>Now, they have deployed the cloud-based version of SIEM throughout Microsoft\u2019s internal Security Operation Centers (SOC). 
In partnering with Microsoft Security, which provides enterprise IT capabilities across Microsoft (including security), the Microsoft Sentinel team introduced several time-saving and modern solutions that empower security analysts to connect and query datasets quickly and easily. Best of all, they\u2019re using the power of cloud computing at scale.<\/p>\n<p>[<a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/implementing-a-zero-trust-security-model-at-microsoft\"><em>Discover how Microsoft protects its network with Zero Trust<\/em><\/a>. <a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/improving-security-by-protecting-elevated-privilege-accounts-at-microsoft\"><em>Find out how Microsoft uses elevated-privilege accounts for security<\/em><\/a>.]<\/p>\n<p><iframe title=\"Securing the enterprise and responding to cybersecurity attacks with Microsoft Sentinel\" src=\"https:\/\/www.youtube.com\/embed\/dtyDMjMvN98\" aria-labelledby=\"Securing the enterprise and responding to cybersecurity attacks with Microsoft Sentinel\"><\/iframe><span style=\"font-size: 10pt;\">For a transcript, please view the video on YouTube: <a href=\"https:\/\/www.youtube.com\/watch?v=dtyDMjMvN98\" target=\"_blank\" rel=\"noopener\">https:\/\/www.youtube.com\/watch?v=dtyDMjMvN98<\/a>, select the &#8220;More actions&#8221; button (three dots icon) below the video, and then select &#8220;Show transcript.&#8221;<\/span><\/p>\n<div style=\"margin-top: -5px;\"><em>Mei Lau, principal PM manager, is leading the migration of Microsoft\u2019s legacy Security Information Event Management (SIEM) system to Microsoft Sentinel, which enables security analysts to quickly connect datasets and rapidly investigate or respond to potential security threats.<\/em><\/div>\n<p><strong>Getting it right with the right partners<\/strong><\/p>\n<p>The Microsoft Sentinel product team tapped the expertise of the company&#8217;s internal security team in Microsoft Security for insights about how to improve 
the product. Their input helped shape Microsoft Sentinel into a SIEM that dramatically improved how efficiently it responds to threats.<\/p>\n<blockquote class=\"quote-body\"><p>If we can help them be successful, we\u2019re also helping our large customers, who often have the same challenges, requirements, and needs.<\/p>\n<p class=\"source\">&#8211; Laura Machado de Wright, principal PM manager, Microsoft Sentinel product team<\/p>\n<\/blockquote>\n<figure id=\"attachment_12746\" aria-describedby=\"caption-attachment-12746\" style=\"width: 450px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-12746\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/10190_SME1-300x212.jpg\" alt=\"Lau sits at a desk with the vision and goals of a new SIEM on the screen.\" width=\"450\" height=\"317\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/10190_SME1-300x212.jpg 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/10190_SME1-768x541.jpg 768w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/10190_SME1.jpg 1000w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><figcaption id=\"caption-attachment-12746\" class=\"wp-caption-text\">Principal PM manager Mei Lau helped coordinate the deployment of Microsoft Sentinel across Microsoft. (Photo by Mei Lau)<\/figcaption><\/figure>\n<p>\u201cMicrosoft Sentinel uses all the automation and scalability capabilities available in the Azure platform,\u201d Lau says.<\/p>\n<p>Microsoft Security\u2019s engagement with the Microsoft Sentinel team addressed two sets of needs at once.<\/p>\n<p>\u201cThey get the benefits of Microsoft Sentinel for incident response, but we get the benefit as the product team of working with customers, like our own internal digital security team,\u201d says Laura Machado de Wright, a principal PM manager on the Microsoft Sentinel product team. 
\u201cIf we can help them be successful, we\u2019re also helping our large customers, who often have the same challenges, requirements, and needs.\u201d<\/p>\n<p>The collaboration meant the product team could identify what enterprise-scale customers were looking for at a faster rate.<\/p>\n<p>\u201cWe can work closely and iterate more rapidly with internal teams,\u201d Machado de Wright says. \u201cWe can get their requirements and feedback before moving into formal previews with external customers.\u201d<\/p>\n<p>These early interactions allowed the product team to work through a few nuances that could have disrupted users. In an early version of Microsoft Sentinel, for example, some of Microsoft Security\u2019s security analysts noticed that they were getting a lot of long notifications.<\/p>\n<p>\u201cWhen you start testing, you realize you need certain capabilities,\u201d Lau says. \u201cWe were able to point out the business impact of noisy alerts that are too long.\u201d<\/p>\n<p>In response, the product team introduced suppression and aggregation support to avoid alert fatigue, reducing the amount of noise generated by Microsoft Sentinel.<\/p>\n<p>\u201cNow we have a better product that meets our needs at an enterprise level,\u201d Lau says.<\/p>\n<p><strong>Always a group effort<\/strong><\/p>\n<p>One objective of Microsoft Security is to unify security operations teams onto a single SIEM\u2014Microsoft Sentinel. \u201cDepending on the scope, there are different teams responsible for protecting Microsoft,\u201d Machado de Wright says. \u201cThere are some common solutions between them, but many security operations teams built their own solutions or relied on third-party solutions to manage security events. 
With Microsoft Sentinel, we think there\u2019s an opportunity for them to be the first and best customers of Microsoft.\u201d<\/p>\n<p>With Microsoft Sentinel, it\u2019s easier for SOCs to develop a tactical and coordinated response to security threats and incidents.<\/p>\n<p>\u201cEven though they might look at different pieces of the puzzle, data from different internal teams can be brought into Microsoft Sentinel and create detections,\u201d Machado de Wright says. \u201cThen, automation can assign it to the right group.\u201d<\/p>\n<p>These multiple sources can be connected for rich, multifactor detections.<\/p>\n<p>\u201cMultifactor allows us to grab from multiple sources and compare them together,\u201d Lau says. \u201cWe can see if someone is attacking us in several different ways. Between detection and hunt, it\u2019s very simple to track down what\u2019s happening.\u201d<\/p>\n<p>Unifying security operations teams onto the Microsoft Sentinel platform also allowed the company\u2019s internal security team in Microsoft Security to align on a deployment strategy.<\/p>\n<p>\u201cIt was great to work with other SOCs within Microsoft,\u201d Lau says. \u201cWe have the shared goal of protecting the entire enterprise, which enabled us to identify key requirements for parity to retire the legacy SIEM.\u201d<\/p>\n<p>Steps had already been taken to retire the legacy SIEM, so deploying Microsoft Sentinel in a timely manner was critical.<\/p>\n<p>To move to Microsoft Sentinel, the product team needed to verify that equivalent features and capabilities were live in the new security environment. Making sure the various teams\u2019 needs were aligned helped ensure that.<\/p>\n<p>\u201cSome of these teams had fairly mature monitoring systems,\u201d Machado de Wright says. 
\u201cWe had to work on prioritization and work closely to understand their scenarios to meet the requirements of their timeline.\u201d<\/p>\n<p><strong>Faster, together<\/strong><\/p>\n<p>To build new detection systems, you need connected data sources. But first, you have to find each source and connect it to your analytics engine.<\/p>\n<p>\u201cBefore, you had to understand how the data was structured and then build software to connect to your events management system,\u201d Lau says. \u201cMicrosoft Sentinel\u2019s broad ecosystem allows many out-of-the-box data connectors to be connected up to 18 times faster.\u201d<\/p>\n<p>This is one of the major ways Microsoft Sentinel accelerates and empowers engineers and analysts.<\/p>\n<p>\u201cFinding access to data can be ponderous across large volumes of data,\u201d Lau says. \u201cWhen security analysts go in and perform open-ended queries to find access to data in the repository, Microsoft Sentinel is extremely fast.\u201d<\/p>\n<p>Now tracking down a new connector or data source in Microsoft Sentinel takes just a few seconds. This free time has allowed the security team in Microsoft Security to reprioritize engineering resources previously dedicated to scaling the infrastructure. Plus, the time-saving automations introduced with Microsoft Sentinel have improved the lives of Microsoft Security\u2019s SOC analysts.<\/p>\n<p>Some of these time savings manifest in how quickly code can be written and deployed.<\/p>\n<p>\u201cIt all happens at the speed of pushing code to the cloud,\u201d Lau says. 
\u201cSo, a matter of minutes.\u201d<\/p>\n<p>This streamlined process gives Microsoft Security much better change control, enabling a continuous integration and continuous detection pipeline.<\/p>\n<p><strong>Transforming the future of security<\/strong><\/p>\n<p>Microsoft Security isn\u2019t the only group benefiting from Microsoft Sentinel.<\/p>\n<p>During development, Microsoft Security and the Microsoft Sentinel product team also solicited input from other enterprise customers. These partners, including a global retailer that experiences more than 9 billion security events per day, helped shape the final product.<\/p>\n<p>\u201cSometimes we get conflicting feedback from customers,\u201d Machado de Wright says. \u201cWe can\u2019t always address it, but we can dive deeper by asking the internal team if they have the same pain point or scenario.\u201d<\/p>\n<p>Thanks to the contributions of Microsoft Security and its partners, the Microsoft Sentinel team has quickly developed and released a product that can handle the scale and security needs of modern enterprises.<\/p>\n<p>\u201cWe have access to different personas, like analysts, engineers, managers, and different security operations teams,\u201d Machado de Wright says. \u201cThe ability to just sit with them accelerated everything.\u201d<\/p>\n<p>And there\u2019s still more to discover with Microsoft Sentinel.<\/p>\n<p>For example, with new ways to engage and interact with connected datasets, Microsoft Security is now using machine learning with the new tool. \u201cWe are moving some of our most complex detections into Microsoft Sentinel,\u201d Lau says.<\/p>\n<p>For enterprise customers like Microsoft who already have the Microsoft Azure stack, using cloud-based security tools made a lot of sense.<\/p>\n<p>\u201cWe\u2019re already using Azure,\u201d Lau says. \u201cNow we have a better product that meets our security needs at an enterprise level. 
Our security operations teams don\u2019t need to leave Microsoft Sentinel. They can query different Azure Data Explorer clusters and other workspaces with permission. It\u2019s a single pane of glass to complete an investigation.\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-7482 size-medium\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links-300x81.png\" alt=\"Related links\" width=\"300\" height=\"81\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links-300x81.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links.png 500w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<ul class=\"c-list\">\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/implementing-a-zero-trust-security-model-at-microsoft\">Discover how Microsoft protects its network with Zero Trust<\/a>.<\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/improving-security-by-protecting-elevated-privilege-accounts-at-microsoft\">Find out how Microsoft uses elevated-privilege accounts for security<\/a>.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>We periodically update our stories, but we can\u2019t verify that they represent the full picture of our current situation at Microsoft. We leave them on the site so you can see what our thinking and experience was at the time. 
Sometimes you outgrow the capabilities of a well-loved tool\u2014that\u2019s exactly what happened to Microsoft and [&hellip;]<\/p>\n","protected":false},"author":80,"featured_media":12745,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":true,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[115,848],"coauthors":[442],"class_list":["post-6906","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-microsoft-azure","tag-security-and-risk-management","program-microsoft-digital-technical-stories","m-blog-post"],
"yoast_head_json":{"title":"Microsoft Sentinel Protects Microsoft from Cybersecurity Attacks","description":"Learn how Microsoft\u2019s internal security team is using Microsoft Sentinel and its AI and cloud capabilities to respond to suspicious activity at scale.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Sentinel Protects Microsoft from Cybersecurity Attacks","og_description":"Learn how Microsoft\u2019s internal security team is using Microsoft Sentinel and its AI and cloud capabilities to respond to suspicious activity at scale.","og_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/","og_site_name":"Inside Track Blog","article_published_time":"2021-06-17T14:27:01+00:00","article_modified_time":"2026-04-03T19:55:07+00:00","og_image":[{"width":2300,"height":1293,"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/10190_hero_2300x1293.jpg","type":"image\/jpeg"}],"author":"Josh Krenz","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Josh Krenz","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/"},"author":{"name":"Josh Krenz","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/7324508b769f74142e6e1e73419840d3"},"headline":"Boosting Microsoft\u2019s response to cybersecurity attacks with Microsoft Sentinel","datePublished":"2021-06-17T14:27:01+00:00","dateModified":"2026-04-03T19:55:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/"},"wordCount":1701,"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/10190_hero_2300x1293.jpg","keywords":["Microsoft Azure","Security and risk management"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/","name":"Microsoft Sentinel Protects Microsoft from Cybersecurity 
Attacks","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/10190_hero_2300x1293.jpg","datePublished":"2021-06-17T14:27:01+00:00","dateModified":"2026-04-03T19:55:07+00:00","author":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/7324508b769f74142e6e1e73419840d3"},"description":"Learn how Microsoft\u2019s internal security team is using Microsoft Sentinel and its AI and cloud capabilities to respond to suspicious activity at scale.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/#primaryimage","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/10190_hero_2300x1293.jpg","contentUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/10190_hero_2300x1293.jpg","width":2300,"height":1293,"caption":"Microsoft\u2019s internal security team is using Microsoft Sentinel and its AI and cloud capabilities to respond to suspicious activity at 
scale."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-microsofts-response-to-cybersecurity-attacks-with-microsoft-azure-sentinel\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/insidetrack\/blog\/"},{"@type":"ListItem","position":2,"name":"Boosting Microsoft\u2019s response to cybersecurity attacks with Microsoft Sentinel"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/","name":"Inside Track Blog","description":"How Microsoft does IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/7324508b769f74142e6e1e73419840d3","name":"Josh Krenz","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/cd3772587c5cedf029a163a2152992439f73097387ddb1dc1379887566f5f795?s=96&d=mm&r=gc1e184e1caf6e8f2d850023215f1ddd9","url":"https:\/\/secure.gravatar.com\/avatar\/cd3772587c5cedf029a163a2152992439f73097387ddb1dc1379887566f5f795?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd3772587c5cedf029a163a2152992439f73097387ddb1dc1379887566f5f795?s=96&d=mm&r=g","caption":"Josh 
Krenz"},"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/jkrenz\/"}]}},"jetpack_featured_media_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/10190_hero_2300x1293.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9hcZA-1No","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/6906","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/users\/80"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/comments?post=6906"}],"version-history":[{"count":25,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/6906\/revisions"}],"predecessor-version":[{"id":22969,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/6906\/revisions\/22969"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media\/12745"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media?parent=6906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/categories?post=6906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/tags?post=6906"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/coauthors?post=6906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}