TLDR: Microsoft has significantly expanded its Sentinel security platform, transforming it into an AI-ready ‘agentic platform’ with new capabilities like a unified data lake, a graph layer, and a Model Context Protocol (MCP) server. These enhancements are designed to empower AI agents, including Microsoft Security Copilot and custom-built agents, to autonomously detect, investigate, and respond to cyber threats at unprecedented speed, while also bolstering the security of AI identities and systems.
Redmond, WA – September 30, 2025 – Microsoft today announced a major evolution of its cloud-native security operations platform, Microsoft Sentinel, transforming it into an ‘agentic platform’ equipped with advanced AI agent capabilities. This strategic expansion aims to provide enterprises with a robust defense mechanism against the increasingly sophisticated and AI-driven cyber threats of the modern era.
The core of this transformation lies in several key innovations. Microsoft has announced the general availability of the Sentinel data lake, offering a cost-effective solution for ingesting and storing vast amounts of structured and semi-structured security telemetry. This enables organizations to retain data longer for richer historical analysis. Complementing this is the public preview of the Sentinel graph, a new layer that maps intricate relationships between entities such as devices, users, and alerts across Microsoft’s comprehensive suite of security products. This graph, accessible via the Sentinel Model Context Protocol (MCP) server, serves as a crucial foundation for AI agents to reason and execute tasks over real-time data.
According to Microsoft, this shift allows AI agents, including those within Microsoft Security Copilot, GitHub Copilot, and other ecosystems, to ‘reason, automate and act at enterprise scale.’ These agents are now capable of performing critical security tasks such as triaging alerts, summarizing incidents, and enforcing policies, significantly compressing detection and response times that traditionally spanned days. Scott Woodgate, general manager for threat protection at Microsoft, highlighted this evolution, stating, ‘We’re going through this transformation where [Sentinel is] and will always be a SIEM, but now it’s a broader security platform.’
Further empowering security teams, Microsoft has introduced a no-code agent builder within Security Copilot. This intuitive tool allows teams to create custom security agents in minutes using natural language, which can then be deployed across various environments, including the Copilot portal or via the Sentinel MCP server. Since their launch in March 2025, Security Copilot agents have already been applied to scenarios like phishing triage and conditional access optimization, demonstrating their immediate impact.
The announcements are part of Microsoft’s broader ‘Security for AI’ initiative, which extends to cover the entire lifecycle of enterprise AI. Recent enhancements to Azure AI Foundry Content Safety provide comprehensive protection for AI agents, including agent task adherence guardrails for real-time intervention, the ability to detect and block personally identifiable information (PII), and ‘Spotlighting’ in cross-prompt injection attack protection to distinguish between trusted and untrusted inputs. Vasu Jakkal, Corporate Vice President, Microsoft Security, emphasized this, stating, ‘We’ve reimagined Microsoft Sentinel as an AI-ready platform, unifying security data into a single, enriched data lake that delivers graph-powered visibility and intelligent agent capabilities.’
Microsoft stresses the importance of end-to-end protection for AI, requiring agents to identify their data sources and document their decision-making processes to enhance transparency and accountability. The expanded Sentinel platform also offers greater interconnectivity with other Microsoft tools like Entra, Purview, and Defender, providing security teams with unified visibility and the ability to trace attack paths and prioritize responses without leaving their existing workflows. The ecosystem is further strengthened by partners like Semperis, an AI-powered identity security provider, which has joined the Microsoft Sentinel Partner Ecosystem to extend its capabilities and improve operational resilience globally.


