Microsoft Launches Agentic SOC Capabilities in Sentinel with MCP Entity Analyzer
Microsoft unveiled a suite of agentic AI security capabilities at RSAC 2026, transforming Microsoft Sentinel into what the company calls an "agentic defense platform." The centerpiece is the Sentinel MCP Entity Analyzer, becoming generally available in April 2026 — making Sentinel the first major SIEM to embed Model Context Protocol natively for AI-powered threat analysis.
The MCP Entity Analyzer provides reasoned, out-of-the-box risk assessments that help security teams understand whether a URL, user identity, or other entity represents potential malicious activity. It analyzes data across threat intelligence, prevalence, and organizational context to generate explainable verdicts. Anthropic Claude can connect to Sentinel through a custom MCP connector for cross-platform AI-assisted analysis.
Additional agentic capabilities announced include: a Security Analyst Agent in Defender (preview March 26) that autonomously investigates threats; a Security Alert Triage Agent (preview April) for automated alert prioritization; Entra Internet Access Shadow AI Detection (March 31) for discovering unmanaged AI applications at the network layer; and a natural language playbook generator for automating SOC workflows without code.
These features are part of Microsoft's broader agentic AI security strategy that spans Defender, Entra, Purview, and Sentinel. Microsoft Agent 365, the control plane for enterprise AI agent governance, reaches general availability May 1.
RSAC 2026 booth: North Expo N-5744
Blog: https://www.microsoft.com/en-us/security/blog/2026/03/20/secure-agentic-ai-end-to-end/