In plain English
Microsoft Sentinel is Microsoft's cloud-native SIEM and SOAR platform: the central place where security monitoring comes together. It collects logs from across your entire environment (Microsoft 365, Defender, Microsoft Entra ID, Azure, firewalls, third-party tools), correlates them with analytics rules and built-in machine-learning detections, and can respond automatically to common threats through playbooks. It sits above the individual Defender products and provides a single view of security events across all of them.
Full definition
Sentinel ingests data through hundreds of connectors (Microsoft services, AWS, Google Cloud, firewalls, identity providers, and on-premises systems) and stores it in an Azure Log Analytics workspace, where it is queried with Kusto Query Language (KQL). Analytics rules are scheduled KQL queries that correlate events across data sources to detect attack patterns no single product would see in isolation; a match raises an alert, which can be grouped into an incident and handed to automation rules and Logic Apps playbooks.
For most Australian SMEs, the native Microsoft Defender portal provides sufficient threat detection and response. Sentinel becomes valuable when an organisation needs cross-environment correlation (for example, combining Entra ID sign-in signals with AWS CloudTrail), long-term log retention for compliance, or automated SOAR playbooks for high-volume alert triage. Because ingestion and retention are billed per gigabyte, log volume rather than user count drives the cost, so the decision usually comes down to which sources are worth sending.
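The cross-environment correlation described above, as an added example that is not part of the original page: a scheduled analytics rule query in KQL that flags AWS console logins from a source IP that has just produced a burst of failed Microsoft Entra ID sign-ins. The SigninLogs and AWSCloudTrail tables and the column names are Sentinel's standard schemas for those connectors; the one-hour window and the failure threshold are assumptions to tune per environment.

```kql
// Added example (not from the original page). Correlates Entra ID sign-in
// failures with AWS CloudTrail console logins from the same source IP.
// Assumptions: lookback window and threshold below are illustrative values.
let lookback = 1h;
let failureThreshold = 10;
// Entra ID: source IPs with a burst of failed sign-ins in the window.
// ResultType "0" is a successful sign-in; anything else is a failure code.
let suspiciousIPs =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailedCount = count(),
                TargetedAccounts = make_set(UserPrincipalName, 20)
              by IPAddress
    | where FailedCount >= failureThreshold;
// AWS CloudTrail: successful console logins in the same window, joined to the
// suspicious IP list. The ConsoleLogin outcome is recorded in ResponseElements.
AWSCloudTrail
| where TimeGenerated > ago(lookback)
| where EventName == "ConsoleLogin"
| where ResponseElements has "Success"
| project AwsLoginTime = TimeGenerated,
          SourceIpAddress,
          AwsUser = UserIdentityUserName,
          AwsRegion
| join kind=inner suspiciousIPs on $left.SourceIpAddress == $right.IPAddress
| project AwsLoginTime, SourceIpAddress, AwsUser, AwsRegion,
          FailedCount, TargetedAccounts
```

Both the Microsoft Entra ID and Amazon Web Services connectors must be enabled in the workspace for the two tables to exist. When saving this as a scheduled rule, set the rule frequency and lookback to match the `lookback` value so events are not missed or double-counted, and map `SourceIpAddress` to the IP entity and `AwsUser` to the Account entity so the resulting incident carries the right entities for investigation and playbooks.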
