A company uses Azure resources, on-premises servers, and third-party cloud apps. The security team wants a single solution to collect security logs from all these sources, detect threats using advanced analytics, and automate responses to incidents. Which Microsoft security solution should they use?
Correct. Microsoft Sentinel is designed to ingest logs from multiple sources, provide threat detection via analytics, and automate responses.
Why this answer
Microsoft Sentinel is the correct choice because it is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution that can ingest logs from Azure resources, on-premises servers via the Log Analytics agent or Azure Arc, and third-party cloud apps using connectors. It provides advanced analytics with built-in machine learning to detect threats and supports automated incident response through playbooks powered by Azure Logic Apps.
Exam trap
The trap here is that candidates often confuse Microsoft Defender for Cloud (a CSPM tool) with a SIEM solution. They fail to recognize that Sentinel is the only Microsoft service designed specifically for cross-source log aggregation, advanced threat detection, and automated incident response in a hybrid multi-cloud environment.
How to eliminate wrong answers
Option A is wrong because Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and workload protection platform, not a SIEM; it does not natively collect logs from on-premises servers or third-party cloud apps for unified threat detection and automated response.
Option B is wrong because Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) solution focused on endpoint compliance and app policies, not on collecting security logs or performing threat detection across hybrid environments.
Option D is wrong because Microsoft Purview Compliance Manager is a compliance management tool that helps assess and manage regulatory compliance, not a security log collection or threat detection solution.