Security operations capabilities

This article lists the capabilities that can help with security operations.


| Capability | Description | More information |
| --- | --- | --- |
| Azure Sentinel | Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. | Azure Sentinel documentation |
| Azure Security Center | Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises. | Azure Security Center documentation |
| Azure Active Directory Identity Protection | Azure AD Identity Protection enables you to detect potential vulnerabilities affecting your organization's identities and configure automated remediation policy to low, medium, and high sign-in risk and user risk. | What is Azure Active Directory Identity Protection? |
| Azure Advanced Threat Protection | Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure ATP empowers SecOp analysts and security professionals to detect advanced attacks in hybrid environments. | Azure Advanced Threat Protection documentation |
| Office 365 Advanced Threat Protection | Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. | Office 365 Advanced Threat Protection |
| Microsoft Defender Advanced Threat Protection | Microsoft Defender Advanced Threat Protection is an endpoint protection platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. | What is Microsoft Defender Advanced Threat Protection? |
| Microsoft Cloud App Security | Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services. | Microsoft Cloud App Security documentation |
| Azure Monitor | Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on. | Azure Monitor documentation |

Next steps

For additional security guidance from Microsoft, see Microsoft security documentation.