Glossary

Microsoft Sentinel

Microsoft's cloud-native SIEM and SOAR, integrated with Microsoft Defender XDR.

Microsoft Sentinel is Microsoft's cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platform. It ingests logs from Microsoft 365 (free for most Microsoft sources), Azure, on-premises systems, and third-party security tools; runs detection rules written in Kusto Query Language (KQL); generates and groups incidents; and executes automation playbooks built on Logic Apps. Sentinel now lives in the Defender XDR portal as a unified surface alongside Defender XDR's first-party signals. Pricing is by ingested data volume (per GB per day), with commitment tiers for higher volumes. It is the default SIEM choice for Microsoft 365 customers.