Become a Member My Atlas
Insights
Training
Advisory & Negotiation
Free Resources
About
Contact Us
Search
Become a Member

July 27, 2025

  Analyst Report

Sentinel Integrated into Defender XDR

My Atlas / Analyst Reports

739 wordsTime to read: 4 min
Wes Miller by
Wes Miller
Wes Miller by
Wes Miller

Wes Miller analyzes and writes about Microsoft’s security, identity management, and systems management technologies. Before joining Directions on Microsoft, Wes... more

  • Microsoft’s Sentinel Security Information and Event Management (SIEM) has been integrated into Microsoft Defender XDR.

  • Security analysts can now investigate incidents from the same portal.

  • Expect future Sentinel enhancements to require using the Defender XDR portal, not the Azure portal.

  • This change has no effect on the licensing of Sentinel or Defender XDR components.

Microsoft Sentinel, the company’s SIEM, has been integrated into the Microsoft Defender XDR portal. While Microsoft has deeply integrated incident management only between the two technologies at this point, all core Sentinel capabilities are available within the Defender XDR portal. There are no changes to the licensing of Sentinel or the services that comprise Microsoft Defender XDR.

What Changed in Microsoft Sentinel?

With this change, almost all Microsoft Sentinel functionality can be accessed within the Defender XDR portal. Microsoft describes this as “unified SIEM and XDR,” but full unification between Sentinel and Defender XDR is incomplete.

Atlas Members have full access

Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.

Membership Options

Already have an account? Login Now