Microsoft Sentinel: Delivering value to your SOC

In today's dynamic landscape, threats are rapidly evolving, and digital transformation is the norm. Balancing security and business outcomes is a significant challenge for security teams seeking robust solutions to safeguard their expanding digital estate while effectively managing their data strategy and costs.

Microsoft Sentinel is our next-generation cloud-native security information and event management (SIEM) solution, enriched by and threat intelligence, delivering end-to-end protection across the multicloud, multiplatform digital estate. With industry-leading innovations focused on SOC productivity, efficient threat investigations and cost optimization, Microsoft Sentinel empowers defenders to stay ahead of threats in a simplified, scalable, and accelerated manner.

Join us at booth 6044 at RSA 2024 on Wednesday, May 8, 2024, to hear directly from our experts on Microsoft Sentinel's latest innovations, and get live demonstrations of how they will help your organization stay safer.

SOC Optimization

We are excited to share that the Microsoft Sentinel SOC optimization capability is now in Public Preview. This important new feature makes it easier for security teams to effectively customize and manage their SIEM for specific business and security requirements. All Microsoft Sentinel customers can take advantage of SOC optimization with dynamic, actionable, research-backed recommendations to optimize data usage, costs and security coverage against relevant threats. It will be available to customers in both the Azure portal and the unified security operations platform.

SOC optimization offers:

  • Tailored recommendations unique to your organization that update every day, enabling you to confidently understand your security coverage and immediately discover the content best suited to your security needs.
  • Threat-based recommendations backed by Microsoft research to help identify the rules or data sources needed to improve security coverage against various types of attacks, such as Business Email Compromise (financial fraud) and Human Operated.
  • Visibility into your data usage patterns and actionable recommendations for out-of-the-box detections, so you can gain immediate security value from ingested data and improve threat protection.
  • Insights into ingested data that is not being utilized for detection or investigation, with recommendations on how to save money.


“The new SOC optimization feature has substantially improved our understanding of how to more effectively utilize existing log tables, either by enhancing detection rules or by cutting costs through adjustments to the ingestion plans for less-utilized log tables. Furthermore, it provides additional insights into enhancing our threat coverage against issues like BEC, and more.”

Manjunatha SN

Senior Security Engineer

KMart Australia

With SOC optimization, security teams can quickly understand and resolve gaps in their security coverage, optimize data ingestion and manage costs to ensure the highest levels of performance and protection. To learn more, see

Unified security operations platform now in public preview

On April 4, 2024, the unified security operations platform went to public preview, as discussed in detail on the Microsoft Security Blog. The platform is designed to offer end-to-end protection by consolidating various security operations tools and experiences into a single, coherent system. Now, customers of Microsoft Sentinel and Defender XDR can leverage more comprehensive capabilities with more out-of-the-box value, more flexibility and better protection. Embedded exposure management helps ensure that protection starts before a breach, and Copilot for Security is embedded in the experience. Customers with Microsoft Sentinel and Defender XDR can now try out the new experience for a single tenant with a single workspace. We will continue to expand availability to government cloud customers and to support multi-tenant and multi-workspace needs in the coming months.


Building on this announcement, we have additional capabilities now ready for customers to use on the unified SOC platform. These include:

  • Unified custom detections: We remain committed to enhancing our XDR capabilities within Microsoft Sentinel, focusing on enabling the creation and execution of custom detections using 30-day XDR hunting data alongside data ingested by Microsoft Sentinel.
  • Unified rules: Customers can now automatically execute a playbook based on certain conditions, such as the creation or updating of an incident, or when an alert meets specific criteria.
  • Global search: Customers can now search across all entities and incidents in SIEM and XDR through the search bar at the top of the portal.


Get started with Microsoft Sentinel

Microsoft Sentinel offers a complete security operations solution that is more powerful, more efficient and more economical than other SIEM solutions. Per our latest Total Economic Impact™ Of Microsoft Sentinel study, customers have seen a return on investment (ROI) of 234%, reduced false positives by up to 79% and decreased the work required for advanced, multitouch investigations by 85%. These are critical metrics when selecting a SIEM.

Additionally, the new SIEM migration experience helps simplify and accelerate migrations to Microsoft Sentinel. Today the experience supports migrating Splunk detections to Microsoft Sentinel analytics rules. In the coming months we will continue to invest in this migration experience and extend it with additional capabilities.

Learn more

Microsoft is committed to empowering customers with a best-of-breed solution to transform their security operations at cloud scale. For more information on Microsoft Sentinel see:


This article was originally published by Microsoft's Sentinel Blog. You can find the original article here.