{"id":26014,"date":"2025-09-30T07:23:03","date_gmt":"2025-09-30T15:23:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2025\/09\/30\/news-19733\/"},"modified":"2025-09-30T07:23:03","modified_gmt":"2025-09-30T15:23:03","slug":"news-19733","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2025\/09\/30\/news-19733\/","title":{"rendered":"Empowering defenders in the era of agentic AI with Microsoft Sentinel"},"content":{"rendered":"<p><strong>Credit to Author: Vasu Jakkal| Date: Tue, 30 Sep 2025 13:00:00 +0000<\/strong><\/p>\n<h4 class=\"wp-block-heading\" id=\"microsoft-unveils-a-new-wave-of-security-innovation-delivering-an-agentic-platform-to-protect-organizations-at-scale\"><strong>Microsoft unveils a new wave of security innovation\u2014delivering an agentic platform to protect organizations at scale<\/strong><\/h4>\n<p class=\"wp-block-paragraph\">We are living through a turning point in how organizations work and defend themselves. Across industries, \u201c<a href=\"https:\/\/blogs.microsoft.com\/blog\/2025\/04\/23\/the-2025-annual-work-trend-index-the-frontier-firm-is-born\/\" target=\"_blank\" rel=\"noreferrer noopener\">Frontier Firms<\/a>\u201d are emerging; these are businesses where humans and AI agents collaborate in real time to solve problems, innovate, and build resilient organizations.<\/p>\n<p class=\"wp-block-paragraph\">For security teams, this shift brings new opportunities and challenges. The complexity and speed of modern cyberthreats demand solutions that go beyond traditional tools. 
To address these needs, Microsoft is introducing new agentic security capabilities to empower defenders to innovate boldly and safely in this new AI era.<\/p>\n<h2 class=\"wp-block-heading\" id=\"microsoft-sentinel-the-security-platform-for-the-agentic-era\">Microsoft Sentinel: The security platform for the agentic era<\/h2>\n<p class=\"wp-block-paragraph\">Defenders need to protect AI end-to-end and for that they need a platform that brings together data, context, automation, and intelligent agents, enabling them to defend and adapt at AI speed. That platform is <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/siem-and-xdr\/microsoft-sentinel\">Microsoft Sentinel<\/a>.<\/p>\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-1 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/siem-and-xdr\/microsoft-sentinel\">Secure your multicloud, multiplatform environment with Microsoft Sentinel<\/a><\/div>\n<\/p><\/div>\n<p class=\"wp-block-paragraph\">Sentinel started as a cloud-native security information and event management (SIEM) and expanded to also include <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/microsoft-sentinel-data-lake-unify-signals-cut-costs-and-power-agentic-ai\/\" target=\"_blank\" rel=\"noreferrer noopener\">a unified security data lake in July<\/a>. 
Today, it is expanding into an agentic platform with the <a href=\"https:\/\/aka.ms\/sentinel\/datalake\/gablog\" target=\"_blank\" rel=\"noreferrer noopener\">general availability of Sentinel data lake<\/a>, and the public preview of <a href=\"https:\/\/aka.ms\/sentinel\/graph\/techblog\" target=\"_blank\" rel=\"noreferrer noopener\">Sentinel graph<\/a> and <a href=\"https:\/\/aka.ms\/sentinel\/mcp\/techblog\" target=\"_blank\" rel=\"noreferrer noopener\">Sentinel Model Context Protocol (MCP) server<\/a>. With graph-based context, semantic access, and agentic orchestration, Sentinel gives defenders a single platform to ingest signals, correlate across domains, and empower AI agents built in Security Copilot, VS Code using GitHub Copilot, or other developer platforms.<\/p>\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"ms-metrics-youtube-container\" data-video-id=\"oCl3Pplr__s\" id=\"ms-metrics-youtube-68dbe33dcff38\">\n<div class=\"ms-metrics-youtube-player\"><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p class=\"wp-block-paragraph\">Sentinel ingests signals, either structured or semi-structured, and builds a rich, contextual understanding of your digital estate through vectorized security data and graph-based relationships. By integrating these insights with Microsoft Defender and Microsoft Purview, Sentinel brings graph-powered context to the tools security teams already use, helping defenders trace attack paths, understand impact, and prioritize response\u2014all within familiar workflows. <\/p>\n<blockquote class=\"wp-block-quote has-quote-default-font-size is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><em>With Microsoft Security and Sentinel data lake, we\u2019ve unified silos, scaled operations, automated processes, and expanded coverage\u2014transforming how we detect patterns and prepare for the future with a unified, agile security posture<\/em>. 
<\/p>\n<p> <cite>\u2014<em>Bernard Knaapen, Chief Product Owner, Monitoring and Incident Response, ABN AMRO<\/em> <\/cite><\/p><\/blockquote>\n<p class=\"wp-block-paragraph\">Sentinel also organizes and enriches your security data, making it ready for AI agents to detect issues faster, investigate with more clarity, and respond automatically when needed. And <a href=\"https:\/\/aka.ms\/sentinel\/graph\/techblog\" target=\"_blank\" rel=\"noreferrer noopener\">Sentinel\u2019s graph-based approach<\/a> powers Security Copilot agents to reason over your environment with precision and speed, thanks to the built-in MCP server, which uses open standards for easy agent access and action. For advanced teams, Sentinel MCP server enables extensibility for predefined and custom agents, allowing AI-powered reasoning over unified data. This shifts security from reactive to predictive, helping teams anticipate threats and automate response at scale. <\/p>\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2025\/09\/MS-Secure_Storyboard_Sept-30-FY26_FOR-BP-FINAL-1024x576.webp\" alt=\"Blue flow chart with app icons and white and light blue font\" class=\"wp-image-142728 webp-format\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2025\/09\/MS-Secure_Storyboard_Sept-30-FY26_FOR-BP-FINAL-1024x576.webp 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2025\/09\/MS-Secure_Storyboard_Sept-30-FY26_FOR-BP-FINAL-300x169.webp 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2025\/09\/MS-Secure_Storyboard_Sept-30-FY26_FOR-BP-FINAL-768x432.webp 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2025\/09\/MS-Secure_Storyboard_Sept-30-FY26_FOR-BP-FINAL-809x455.webp 809w, 
https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2025\/09\/MS-Secure_Storyboard_Sept-30-FY26_FOR-BP-FINAL.webp 1280w\" data-orig-src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2025\/09\/MS-Secure_Storyboard_Sept-30-FY26_FOR-BP-FINAL-1024x576.webp\"><figcaption class=\"wp-element-caption\">&nbsp;<em>This diagram illustrates the architecture and integration of Microsoft&#8217;s security ecosystem across multicloud and<\/em> <em>multiplatform environments.<\/em><\/figcaption><\/figure>\n<p class=\"wp-block-paragraph\">Sentinel is open and extensible, so partners can build their own agents and solutions. And with the <a href=\"https:\/\/aka.ms\/securitystore\/techblog\" target=\"_blank\" rel=\"noreferrer noopener\">new Microsoft Security Store<\/a>, finding and deploying these agents is simple. We\u2019re already collaborating with Accenture, ServiceNow, and Zscaler <a href=\"https:\/\/aka.ms\/sentinel\/isvblog\" target=\"_blank\" rel=\"noreferrer noopener\">to strengthen the security ecosystem together<\/a>. <\/p>\n<p class=\"wp-block-paragraph\">Sentinel is an industry-leading SIEM and the scalable backbone defenders need in the age of AI. 
Together, Sentinel and Security Copilot give security teams the visibility, automation, and scale they need to stay ahead of cyberthreats.<\/p>\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"ms-metrics-youtube-container\" data-video-id=\"QuDg_b147Q8\" id=\"ms-metrics-youtube-68dbe33dd13aa\">\n<div class=\"ms-metrics-youtube-player\"><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-2 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/aka.ms\/sentineldatalakedocs\" target=\"_blank\" rel=\"noreferrer noopener\">Learn more about Microsoft Sentinel platform and take the next steps<\/a><\/div>\n<\/p><\/div>\n<h2 class=\"wp-block-heading\" id=\"security-copilot-build-your-own-agents-no-code-required\">Security Copilot: Build your own agents<strong>\u2014<\/strong>no code required<\/h2>\n<p class=\"wp-block-paragraph\">Security Copilot was created to help security teams tackle the toughest challenges<strong>\u2014<\/strong>endless alerts, siloed tools, and constant pressure to do more with less. But no one understands your environment and unique needs like you do. Now you can build your own <a href=\"https:\/\/aka.ms\/SCP-Secure-2509\">Security Copilot agents<\/a>. The Security Copilot portal features a no-code agent builder that lets you describe what you need in natural language and create, optimize, and publish agents tailored to your workflows in minutes.<\/p>\n<p class=\"wp-block-paragraph\">You can also build agents in a Sentinel MCP server-enabled coding platform, such as VS Code using GitHub Copilot. Once built, you can refine and deploy agents to your Security Copilot workspace while keeping the process within the familiar development platform. 
<\/p>\n<p class=\"wp-block-paragraph\">Security Copilot agents are designed to integrate into daily tools and workflows<strong>\u2014<\/strong>whether embedded in the Microsoft Security products you already use, partner-built, or custom-built for your environment. Since <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/SecurityCopilotBlog\/automate-cybersecurity-at-scale-with-microsoft-security-copilot-agents\/4394675\/\">launching Security Copilot agents in March 2025<\/a>, we\u2019ve delivered <a href=\"https:\/\/aka.ms\/mechanics-scp-agents\" target=\"_blank\" rel=\"noreferrer noopener\">more than a dozen agents<\/a> for scenarios such as phish triage and conditional access optimization. We continue to add embedded agents such as the <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoft-entra-blog\/the-microsoft-entra-agent-for-smarter-access-governance-access-review-agent\/4279689\" target=\"_blank\" rel=\"noreferrer noopener\">Access Review Agent in Microsoft Entra<\/a>. Microsoft and partner-created Security Copilot agents are available to discover, buy, and deploy in the Security Store today.<\/p>\n<p class=\"wp-block-paragraph\">Building on Sentinel\u2019s graph-based context, Security Copilot agents can now reason more effectively across your environment\u2014correlating alerts, enriching context with relationships, prioritizing by impact, and automating common actions. This enables fewer false positives, faster triage, and lower mean time to resolution (MTTR). Work shifts from manual triage to agent-led workflows: agents orchestrate and automate routine tasks, while analysts review and approve outcomes\u2014focusing their time on strategic decisions and proactive threat hunts. 
<\/p>\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-3 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/aka.ms\/SCP-Secure-2509\" target=\"_blank\" rel=\"noreferrer noopener\">Learn more about Security Copilot agents and explore what\u2019s possible<\/a><\/div>\n<\/p><\/div>\n<h2 class=\"wp-block-heading\" id=\"secure-and-govern-your-ai-comprehensively\"><strong>Secure and govern your AI comprehensively<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">As organizations embrace AI, Microsoft continues to invest in tools that help security teams secure and govern their AI platforms, apps, and agents across the enterprise.<\/p>\n<p class=\"wp-block-paragraph\">Over the past few months, we\u2019ve expanded our Security for AI capabilities, including <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoft-entra-blog\/announcing-microsoft-entra-agent-id-secure-and-manage-your-ai-agents\/3827392\" target=\"_blank\" rel=\"noreferrer noopener\">Entra Agent ID<\/a> to help discover and manage your agent estate, controls to prevent data oversharing in <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoft-security-blog\/enterprise-grade-controls-for-ai-apps-and-agents-built-with-azure-ai-foundry-and\/4414757\" target=\"_blank\" rel=\"noreferrer noopener\">custom-built AI apps and agents<\/a>, risk discovery tools for AI model providers and <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoftthreatprotectionblog\/discover-risks-in-ai-model-providers-and-mcp-servers-with-microsoft-defender\/4440050\" target=\"_blank\" rel=\"noreferrer noopener\">MCP servers<\/a>, and advanced detection for prompt injection attacks. <\/p>\n<p class=\"wp-block-paragraph\">At Microsoft Build 2025, we announced new enhancements to Azure AI Foundry that provide more protection for AI agents across their lifecycle. 
These will be available soon and include:<\/p>\n<ol start=\"1\" class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Agent task adherence control to help keep agents aligned with tasks in real time<\/li>\n<li class=\"wp-block-list-item\">Personally identifiable information (PII) guardrail <\/li>\n<li class=\"wp-block-list-item\">Spotlighting capability in prompt shields to enhance protection against cross-prompt injection attacks<\/li>\n<\/ol>\n<p class=\"wp-block-paragraph\">Together, these innovations help you secure and govern your AI apps and agents in Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry\u2014helping you build on the trusted tools your teams already use and offering you more natively built protections for your Microsoft AI platforms.<\/p>\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-4 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/learn.microsoft.com\/en-us\/security\/security-for-ai\/\" target=\"_blank\" rel=\"noreferrer noopener\">Learn more about end-to-end protection for your AI agents<\/a><\/div>\n<\/p><\/div>\n<div class=\"is-style-vertical wp-block-bloginabox-theme-promotional\">\n<div class=\"promotional promotional--has-media promotional--media-right\">\n<div class=\"promotional__wrapper\">\n<div class=\"promotional__content-wrapper\">\n<div class=\"promotional__content\">\n<h2 class=\"wp-block-heading\" id=\"upcoming-security-events\"><strong>Upcoming security events<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">Deep dive into these innovations at <a data-bi-an=\"Global CTA\" data-bi-ct=\"cta link\" data-bi-id=\"cta-block\" href=\"https:\/\/register.secure.microsoft.com\/?ocid=cmme8nzzcuz\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Secure<\/a> on Sep 30, Oct 1, or on demand. 
Then, join us at <a href=\"https:\/\/ignite.microsoft.com\/en-US\/home?wt.mc_ID=Ignite2025_marx_corp_bl_oo_bl_Security_2_1\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Ignite<\/a>, Nov 17\u201321 in San Francisco, CA or online\u2014for more innovations, hands-on labs, and expert connections.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"promotional__media-wrapper\">\n<div class=\"promotional__media\"> \t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"718\" height=\"530\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2025\/09\/Security_Blog_Events_06-e1759177113312.png\" class=\"attachment-full size-full\" alt=\"Microsoft Security banners at event\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<h2 class=\"wp-block-heading\" id=\"looking-ahead-securing-the-future-is-a-team-sport\"><strong>Security is a team sport<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">We are entering a new era: security is adaptive, intelligent, and acts at the speed of thought. The advances announced today are the building blocks for a new generation of defense.<\/p>\n<p class=\"wp-block-paragraph\">I firmly believe that security is a team sport. That team includes all of us\u2014innovating together, learning together, and defending together. <\/p>\n<p class=\"wp-block-paragraph\">Together, we\u2019re not just imagining the future. We\u2019re securing it. 
<\/p>\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-5 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button has-custom-width wp-block-button__width-75\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/siem-and-xdr\/microsoft-sentinel\">Secure more with Microsoft Sentinel<\/a><\/div>\n<\/p><\/div>\n<h2 class=\"wp-block-heading\" id=\"learn-more-with-microsoft-security\">Learn more with Microsoft Security<\/h2>\n<p class=\"wp-block-paragraph\">To learn more about Microsoft Security solutions, visit our\u202f<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\" target=\"_blank\" rel=\"noreferrer noopener\">website<\/a>. Bookmark the <a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Security blog<\/a> to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (<a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Security<\/a>) and X (<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>)\u202ffor the latest news and updates on cybersecurity.<\/p>\n<p class=\"wp-block-paragraph\">\n<p>The post <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/09\/30\/empowering-defenders-in-the-era-of-agentic-ai-with-microsoft-sentinel\/\">Empowering defenders in the era of agentic AI with Microsoft Sentinel<\/a> appeared first on <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/09\/30\/empowering-defenders-in-the-era-of-agentic-ai-with-microsoft-sentinel\/\" target=\"bwo\" 
>https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Vasu Jakkal| Date: Tue, 30 Sep 2025 13:00:00 +0000<\/strong><\/p>\n<p>Microsoft Sentinel is expanding into an agentic platform with general availability of the Sentinel data lake, and the public preview of Sentinel graph\u00a0and\u00a0Sentinel\u00a0Model Context Protocol (MCP)\u00a0server.\u00a0<\/p>\n<p>The post <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/09\/30\/empowering-defenders-in-the-era-of-agentic-ai-with-microsoft-sentinel\/\">Empowering defenders in the era of agentic AI with Microsoft Sentinel<\/a> appeared first on <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[],"class_list":["post-26014","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/26014","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=26014"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/26014\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=26014"}],"wp:term":[{"taxonomy":"category",
"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=26014"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=26014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}