Trace Id is missing
Skip Navigation

Microsoft Sentinel

Simplify security operations with intelligent security analytics and scale as you grow.

Build next-generation security operations powered by the cloud and AI

Modernize your security operations center (SOC) with Microsoft Sentinel. Uncover sophisticated threats and respond decisively with an intelligent, comprehensive security information and event management (SIEM) solution for proactive threat detection, investigation, and response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing costs as much as 48 percent compared to legacy SIEM solutions.1

Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft
Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
Respond to incidents rapidly with built-in orchestration and automation of common tasks

Limitless cloud speed and scale

Invest in security, not infrastructure setup and maintenance, with the first cloud-native SIEM from a major cloud provider. Never let a storage limit or a query limit prevent you from protecting your enterprise. Start using Microsoft Sentinel immediately, automatically scale to meet your organizational needs, and pay for only the resources you need. As a cloud-native SIEM, Microsoft Sentinel is 48 percent less expensive and 67 percent faster to deploy than legacy on-premises SIEMs.

Video container
Gartner

Microsoft has been recognized by Gartner

Microsoft is named a Leader in the October 2022 Gartner® Magic Quadrant™ for Security Information and Event Management.² ³

The Total Economic Impact of Microsoft Azure Sentinel

The Total Economic Impact™ of Microsoft Sentinel

Find out how Microsoft Sentinel provided an ROI of 201 percent over three years and reduced costs by 48 percent compared to legacy SIEM solutions. Read the full 2020 commissioned study conducted by Forrester Consulting on behalf of Microsoft.

Forrester

The Forrester Wave™: Security Analytics Platforms, Q4 2022

Accelerate and manage your end-to-end machine learning lifecycle with Azure Databricks, MLflow, and Azure Machine Learning to build, share, deploy, and manage machine learning applications.

Video container

AI on your side

Focus on finding real threats quickly. Reduce noise from legitimate events with built-in machine learning and knowledge based on analyzing trillions of signals daily. Accelerate proactive threat hunting with pre-built queries based on years of security experience. View a prioritized list of alerts, get correlated analysis of thousands of security events within seconds, and visualize the entire scope of every attack. Simplify security operations and speed up threat response with integrated automation and orchestration of common tasks and workflows.

Behaviour analytics to stay ahead of evolving threats

Detect unknown threats and anomalous behaviour of compromised users and insider threats. Get a new level of threat intelligence insight with user and entity profiling that leverages peer analysis, machine learning, and Microsoft security expertise. Gain more contextual and behavioural information for threat hunting, investigation, and response using the built-in entity behavioural analytics.

Streamlined and cost-effective security data collection

Simplify data collection across different sources, including Azure, on-premises solutions, and across clouds using built-in connectors. Connect with data from your Microsoft products in just a few clicks. Import Office 365 audit logs, Azure activity logs, and alerts from Microsoft threat protection solutions for free, and analyze and draw correlations to deepen your intelligence.

Comprehensive security and compliance, built in

Get started with an Azure free account

1

Start free. Get USD 200 credit to use within 30 days. While you have your credit, get free amounts of many of our most popular services, plus free amounts of 55+ other services that are always free.

2

After your credit, move to pay as you go to keep building with the same free services. Pay only if you use more than your free monthly amounts.

3

After 12 months, you'll keep getting 55+ always-free services—and still pay only for what you use beyond your free monthly amounts.

Trusted by companies of all sizes

Pearson VUE

"We use Microsoft Sentinel to see everything that's going on in our estate—whether from Microsoft or non-Microsoft security solutions—and be as proactive as possible."

Vladan Pulec, Enterprise Architect, Pearson VUE

An office with cubicles

QNET

"We're able to find out what we need to know with a simple set of KQL queries. We can hunt for anything now. We never had that ability before."

Egal Egal, Chief Information Security Officer, QNET

A laptop displaying a web page that says QNET AND SPORTS

a

First West Credit Union

"We realized right away that Microsoft Sentinel offered a completely different experience. We could onboard our logs from Azure and Office 365 in literally one click. We configured 80 percent of our logs to feed into Microsoft Sentinel within one month versus 18 months with ArcSight."

Ryan Smith, Manager of IT Security and Operations, First West Credit Union

A bank associate with their arms folded

i

iHeartMedia

"I immediately formed an image of our incident response analysts swivelling all day long from one screen to another.... Now with Microsoft Sentinel, one screen shows our analysts the intelligence to alert based on the data it combines from multiple systems, including firewalls, domain controllers, and everything else."

Janet Heins, Chief Information Security Officer, iHeartMedia

A person wearing a headset

1

"We were struggling with the scripting of multiple technologies… and the unified, automated Azure infrastructure really presented itself as the best way for us to improve efficiency moving forward."
Igor van Haren, Lead Architect, VECOZO
VECOZO

.

"Understanding the inner workings of a firewall is not our expertise, and with Azure Firewall Premium, it doesn't have to be. We use Azure Firewall Premium to protect Dematic and our customers around the clock, and we can depend on it."
Brandon Bates, Principal Architect, Dematic
Dematic
Back to tabs

Learn more about Microsoft Sentinel

Explore documentation and quickstarts

Learn how to connect Microsoft services and third-party data sources like servers, network equipment, and security appliances including firewalls.

Get instant visualization and insights across your connected data sources using built-in dashboards.

Track security threats across your organization's logs with powerful search and query tools.

Download the Microsoft Sentinel quickstart guide.

Use the Microsoft Sentinel All-In-One Accelerator to get up and running fast.

Become an Microsoft Sentinel master with the Microsoft Sentinel Ninja Training.

Read analyst reports

Find out how security professionals are migrating SIEM operations to the cloud to reduce costs, improve protection, and reduce alert fatigue in this IDG report: SIEM Shift: How the Cloud Is Transforming Security Operations.

Learn how Microsoft Sentinel provides an ROI of 201 percent over three years in this commissioned study conducted by Forrester Consulting: The Total Economic Impact™ of Microsoft Sentinel.

Learn about current cost-savings offers

Microsoft 365 E5 customers save up to USD 2,200 per month on a typical 3,500 seat deployment with Azure credits for up to 100MB/user/month of data ingestion into Microsoft Sentinel.

Frequently asked questions about Microsoft Sentinel

  • Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise—fast. Microsoft Sentinel aggregates data from all sources, including users, applications, servers, and devices running on premises or in any cloud, letting you reason over millions of records in a few seconds. It includes built-in connectors for easy onboarding of popular security solutions. Collect data from any source with support for open standard formats like CEF and Syslog.

  • Yes, Microsoft Sentinel is built on the Azure platform. It provides a fully integrated experience in the Azure portal to augment your existing services, such as Azure Security Center and Azure Machine Learning. Create your Azure free account to get started.

  • Microsoft Sentinel integrates with many enterprise tools, including best-of-breed security products, homegrown tools, and other systems like ServiceNow. It provides an extensible architecture to support custom collectors through REST API and advanced queries. It enables you to bring your own insights, tailored detections, machine learning models, and threat intelligence.

Try a modern SIEM solution born in the cloud

  1. The Total Economic Impact™ of Microsoft Sentinel, a commissioned study conducted by Forrester Consulting on behalf of Microsoft. Results are for a composite organization based on interviewed customers.

  2. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

    Gartner and Magic Quadrant are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

  3. Gartner Magic Quadrant for Security Information and Event Management, Pete Shoard, Andrew Davies, Mitchell Schneider, October 2022.