Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the Sentinel data lake.
In addition, the tech giant said it’s also releasing a public preview of Sentinel Graph and Sentinel Model Context Protocol (MCP) server.
“With graph-based context, semantic access, and agentic orchestration, Sentinel gives defenders a single platform to ingest signals, correlate across domains, and empower AI agents built in Security Copilot, VS Code using GitHub Copilot, or other developer platforms,” Vasu Jakkal, corporate vice president at Microsoft Security, said in a post shared with The Hacker News.
Microsoft released Sentinel data lake in public preview earlier this July as a purpose-built, cloud-native tool to ingest, manage, and analyze security data to provide better visibility and advanced analytics.
With the data lake, the idea is to lay the foundation for an agentic defense by bringing data from diverse sources and enabling artificial intelligence (AI) models like Security Copilot to have the full context necessary to detect subtle patterns, correlate signals, and surface high-fidelity alerts.
The shift, Redmond added, allows security teams to uncover attacker behavior, retroactively hunt over historical data, and trigger detections automatically based on the latest tradecraft.
“Sentinel ingests signals, either structured or semi-structured, and builds a rich, contextual understanding of your digital
estate through vectorized security data and graph-based relationships,” Jakkal said.
“By integrating these insights with Defender and Purview, Sentinel brings graph-powered context to the tools security teams already use, helping defenders trace attack paths, understand impact, and prioritize response — all within familiar workflows.”
Microsoft further noted that Sentinel organizes and enriches security data so as to detect issues faster and better respond to events at scale, shifting cybersecurity from “reactive to predictive.”
In addition, the company said users can build Security Copilot agents in a Sentinel MCP server-enabled coding platform, such as VS Code, using GitHub Copilot, that are tailored to their organizational workflows.
The Windows maker has also emphasized the need for securing AI platforms and implementing guardrails to detect (cross-)prompt injection attacks, stating it intends to roll out new enhancements to Azure AI Foundry that incorporate more protection for AI agents against such risks.
