Microsoft Azure Sentinel Moves into Microsoft Defender

SIEM + XDR, Together at Last

If you work in SecOps, you’ve probably seen this coming: SIEM and XDR are finally being combined. Microsoft has now made it official: Sentinel will be integrated into the Microsoft Defender portal, with the Azure Sentinel experience set to retire on July 1, 2026. This means all your incident management, threat hunting, automation, and AI tools will be accessible in one place—no more switching between multiple tabs.

And because this isn’t a rip-and-replace situation, the transition will be considerably smoother for your team. You can connect your existing Sentinel workspace(s) to Defender today—new customers are onboarded there already by default.

Why SIEM + XDR Matters

Most security teams are stretched thin, very thin. Splitting detection and response across two portals adds unnecessary overhead and complexity you don’t need. With Sentinel embedded inside Defender, now you get the following:

• A single incident queue
• Unified entity pages for users, devices, and IPs
• Advanced Hunting across data sets
• Security Copilot integrated end-to-end

This move achieves a unified investigation flow, with less false alerts and quicker routes from alert to action.

The AI Edge: Security Copilot

More than just UI consolidation, this move introduces AI-powered SecOps. With Security Copilot built in, analysts can summarize incidents, narrow log pulldowns, generate KQL queries, analyze scripts, and draft incident reports. Collectively, this means more time focused on mitigating real-time threats and less time wrangling data.

Key Changes in the New Microsoft Defender XDR Portal

Here are a few functional changes to be aware of:

• Incident Correlation: Now handled by Defender XDR’s incident engine—enabling smarter, stitched attack stories for ease or reporting.
• Threat Intel: moved under “Intel management” with improved enrichment workflows.
• Automation Rules: Some triggers and incident providers have changed—review them before switching over.

Microsoft Sentinel Retirement Timeline and Key Dates

If you’re still operating in Azure Sentinel, now is the time to plan your move. Start with training your team, reviewing logs and alert setting, and updating workflows to avoid last-minute disruption.

• Azure Sentinel is available in Defender now
• All new tenants onboarded automatically July 1, 2025
• Azure Sentinel portal experience retires July 1, 2026

Next Steps: Planning Your Move to Microsoft Defender

If you lead a SOC team, this shift from Microsoft is worth your attention. It empowers your analysts with better tools, faster workflows, and integrated AI. By July 2026, every Sentinel customer will be on Defender—and those who move early will reap the benefits sooner.

Curious how the unified Defender + Sentinel experience changes your detection and response workflow? Get in touch with Planet Technologies. We’ll  walk through a transition roadmap, while sharing best practices from production environments industrywide. Contact [email protected] to get started.