Azure Sentinel is a cloud-native security information and event management (SIEM) tool that uses built-in artificial intelligence and vast threat intelligence to detect threats across organizations. It collects security data from various sources at scale in the cloud with no infrastructure costs or limits. Azure Sentinel reduces alert fatigue by up to 90% through correlated rules and user entity behavior analysis integrated with Microsoft 365. It also allows security teams to investigate threats and hunt for suspicious activities assisted by AI.

1. Microsoft Azure Sentinel:
Build next generation security operations with
a cloud native SIEM
Muammer Benzes
Cloud Solution Architect @ Microsoft MEA
muammer.benzes@microsoft.com | @muammerbenzes

2. Phishing
attacks
Cryptocurrency
mining
Supply chain
compromises
Phishing continues to grow as
a risk to global businesses.
Clandestine attacks on
cryptocurrency act as malware
posing security risks.
New entry vectors make for an
ever-broadening category of threat,
software and hardware alike.

3. Security Operations Team
Expanding digital estate

4. Too many
disconnected
products
High volume
of noisy alerts
Security skills
in short supplyLack of
automation
Rising infrastructure
costs and upfront
investment
IT deployment &
maintenance
Sophistication
of threats
Traditional SOC Challenges

5. Cloud + Artificial Intelligence
Security
Operations Team

6. Introducing Microsoft Azure Sentinel
Collect
DetectRespond
Limitless cloud speed and scale
Faster threat protection with AI by your side
Bring your Office 365 data for Free
Easy integration with your existing tools
Investigate
Cloud-native SIEM for intelligent security analytics for your entire enterprise
Security data across
your enterprise
Rapidly and automate
protection
Threats with vast
threat intelligence
and AI
Critical incidents
guided by AI

7. Microsoft Security Advantage
$1B annual investment in cybersecurity
3500+ global security experts
Trillions of diverse signals for
unparalleled intelligence

8. Limitless cloud speed
and scale

9. Focus on security, unburden
SecOps from IT tasks
© Microsoft Corporation Azure
No infrastructure setup or maintenance
SIEM Service available in Azure portal
Scale automatically, put no limits
to compute or storage resources

10. Reduce security and IT costs
No infrastructure costs or
upfront commitment
Only pay for what you use
Bring your Office 365 Data for free
Cloud-native, scalable SIEM

11. Integrate with existing
tools and data sources

12. Pre-wired integration with Microsoft solutions
Connectors for many partner solutions
Standard log format support for all sources
Collect security data at cloud scale from all sources across
your enterprise
Proven log platform with more than 10
petabytes of daily ingestion
Microsoft 365

13. Bring your own insights, machine learning
models, and threat intelligence
Tap into our security community to build
on detections, threat intelligence, and
response automation.
Optimize for your needs
© Microsoft Corporation Azure
Bring your own ML Models
& Threat Intelligence
Security Community

14. AI by your side

15. Correlated
rules
User Entity
Behavior Analysis
integrated with
Microsoft 365
Bring your own
ML models
Pre-built Machine
Learning models
Threat Detection and
Analysis
ML models based on decades of Microsoft
security experience and learnings
Millions of signals filtered to few correlated and
prioritized incidents
Insights based on vast Microsoft threat
intelligence and your own TI
Reduce alert fatigue by up to 90%
Detect threats and analyze security data quickly with AI

16. Investigate threats with AI and hunt suspicious activities at scale, tapping
into years of cybersecurity work at Microsoft
© Microsoft Corporation Azure
Get prioritized alerts and automated expert
guidance
Visualize the entire attack and its impact
Hunt for suspicious activities using pre-built queries
and Azure Notebooks

17. Respond rapidly with built-in orchestration and automation
Build automated and
scalable playbooks that
integrate across tools
! Security Products
Ticketing Systems
(ServiceNow)
Additional tools

18. What our partners and early adopters say about Azure Sentinel
© Microsoft Corporation Azure
“Azure Sentinel provides a unique and cloud
centric security incident and event
management solution that is both simple to
deploy and able to manage complex hybrid
customer environments.”
Jeff Dunmall
Executive Vice President of Global
Managed Services
“My team has the upper hand with Azure
Sentinel. I get unbridled capacity, and the built-in
AI and threat intelligence based on Microsoft’s
years of cybersecurity experience really helps my
team focus on keeping our clients secure vs
managing infrastructure and threat feeds”.
Andrew Winkelmann
Global Security Consulting Practice Lead

19. Take actions today- Get started with the preview
Connect
data sources
To learn more, visit
https://aka.ms/AzureSentinel
Start
Microsoft Azure trial
Open Azure Sentinel
preview dashboard
in Azure Portal