
Microsoft said this week it has made the Sentinel MCP Server, announced in late 2025, generally available, and the company is laying out use cases where the server’s cross-platform access to security data can deliver impact.
Microsoft Sentinel MCP Server, leveraging the widely embraced Model Context Protocol, provides access to intelligence across internal and external data sources and automates investigations.
The latest Microsoft server also extends the footprint and value of MCP, which provides a standard means of connecting AI tools to data sources, including those that house vast amounts of security data.
One of the challenges faced by Security Operations Center (SOC) teams is that they’re required to make judgments based on a limited context window, despite the fact that many security threats and incidents are best detected with longer-term views.
With the Sentinel MCP Server, analysts gain extended visibility that lets them understand what “normal” looks like across business cycles, seasonal usage patterns, and organizational changes. This enables better anomaly detection, more insightful behavioral baselines, and detection of slow-moving attacks, among other benefits.
KQL (the Sentinel query language) and Spark notebooks (used for large-scale data analytics) are both widely used for analyzing data in the Sentinel data lake.
Microsoft Sentinel MCP Server allows teams to convert natural-language explorations into full KQL queries or Spark Notebook cells to operationalize insight they’ve gathered. In so doing, it democratizes access to big security data and is ushering in what Microsoft is calling the Agentic SOC Era.
It also enables AI-driven agents including Security Copilot, GitHub Copilot, Azure Foundry, and ChatGPT Enterprise to perform advanced reasoning over security telemetry.
Here’s how the server functions:
- Queries are created in natural language and parsed into actionable intents
- The underlying AI model performs semantic interpretation, mapping intent to relevant security artifacts
- The server combines enterprise security datasets with embedded domain knowledge for correlation in order to orchestrate retrieval
- Outputs are delivered as structured artifacts for analyst workflows and automation
Sentinel MCP Server in Practice
The MCP server can reason over external knowledge and then operationalize that knowledge against internal security data. For example, the model can ingest a public report, extract attacker behavior, and turn it into a structured investigation plan.
In this scenario, the LLM reads an external blog post describing a phishing campaign. It identifies concrete tactics and signals, such as proxy-based sign-ins or multi-factor authentication bypass methods. It can convert those descriptions into explicit hypotheses to test against security data.
An analyst can then write a prompt that references the tactics described in the blog and asks the LLM to check for similar activity, return matching suspicious events, and include a simple risk summary as well as recommended actions.
With this type of insight and action plan, the MCP server bridges the gap between human-readable threat intelligence and machine-scale validation, Microsoft said. It also underscores the ever-expanding value of MCP across AI and corporate data/software estates.
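As an added illustration (not Microsoft’s code or the MCP server’s implementation), the following Python sketches the pipeline described above: tactics lifted from a phishing write-up are held as structured conditions over columns of Sentinel’s SigninLogs table, rendered into KQL for the data lake, and validated against constructed sign-in rows to yield matching events, a risk summary and recommended actions. The hypothesis names, sample rows and severity ranking are assumptions; the column names are those of the SigninLogs table.

```python
"""Added example: threat-report tactics -> structured hypotheses -> KQL + local validation."""
from dataclasses import dataclass

@dataclass
class Hypothesis:
    name: str
    severity: str
    conditions: dict[str, tuple[str, ...]]  # SigninLogs column -> accepted values

# Hypotheses an analyst might lift from a phishing write-up (illustrative assumptions, not a real report).
HYPOTHESES = [
    Hypothesis("MFA satisfied on a sign-in scored high risk (proxied-session pattern)", "high",
               {"ResultType": ("0",), "AuthenticationRequirement": ("multiFactorAuthentication",),
                "RiskLevelDuringSignIn": ("high",)}),
    Hypothesis("Single-factor success on a risky sign-in (MFA not enforced)", "medium",
               {"ResultType": ("0",), "AuthenticationRequirement": ("singleFactorAuthentication",),
                "RiskLevelDuringSignIn": ("medium", "high")}),
]

def to_kql(h: Hypothesis, lookback: str = "7d") -> str:
    """Render one hypothesis as a runnable Sentinel query (KQL accepts single-quoted literals)."""
    clauses = [f'{col} in ({", ".join(map(repr, vals))})' for col, vals in h.conditions.items()]
    return ("SigninLogs\n"
            f"| where TimeGenerated > ago({lookback})\n"
            f"| where {' and '.join(clauses)}\n"
            "| project TimeGenerated, UserPrincipalName, IPAddress, AppDisplayName, RiskLevelDuringSignIn")

def matches(h: Hypothesis, row: dict) -> bool:
    """The same predicate evaluated offline, so hypotheses can be checked before running KQL."""
    return all(row.get(col) in vals for col, vals in h.conditions.items())

def investigate(rows: list[dict], hypotheses=HYPOTHESES) -> dict:
    """Test every hypothesis against sign-in rows and return a structured artifact for the analyst."""
    found = [{"hypothesis": h.name, "severity": h.severity, "user": r["UserPrincipalName"],
              "ip": r["IPAddress"]} for h in hypotheses for r in rows if matches(h, r)]
    users = sorted({m["user"] for m in found})
    rank = ["low", "medium", "high"].index
    highest = max((m["severity"] for m in found), key=rank, default="none")
    return {"matches": found, "affected_users": users, "highest_severity": highest,
            "risk_summary": f"{len(found)} suspicious sign-in(s) across {len(users)} user(s), "
                            f"highest severity: {highest}",
            "recommended_actions": ["revoke sessions and reset credentials for affected users",
                                    "verify MFA and Conditional Access enforcement"] if found else []}

# Constructed sample rows shaped like SigninLogs (not real telemetry); the third is a failed sign-in.
SAMPLE_SIGNINS = [
    {"UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.10", "ResultType": "0",
     "AuthenticationRequirement": "multiFactorAuthentication", "RiskLevelDuringSignIn": "high"},
    {"UserPrincipalName": "bob@contoso.example", "IPAddress": "198.51.100.7", "ResultType": "0",
     "AuthenticationRequirement": "singleFactorAuthentication", "RiskLevelDuringSignIn": "medium"},
    {"UserPrincipalName": "carol@contoso.example", "IPAddress": "192.0.2.44", "ResultType": "50126",
     "AuthenticationRequirement": "singleFactorAuthentication", "RiskLevelDuringSignIn": "none"},
]
```

Calling `investigate(SAMPLE_SIGNINS)` flags the first two rows and reports the highest severity as high; `to_kql(HYPOTHESES[0])` gives the query to run in Sentinel for the same hypothesis.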