
Microsoft Sentinel MCP Server

Microsoft-hosted MCP server for natural language exploration of the Microsoft Sentinel data lake, including KQL queries and AI-powered user and URL entity analysis.

Overview

The Microsoft Sentinel MCP server (data exploration collection) is a remote, Microsoft-hosted MCP endpoint that lets AI agents search for relevant tables and retrieve security data from the Microsoft Sentinel data lake using natural language. It is part of Microsoft Sentinel's unified MCP tool collection and is accessible to any MCP-compatible client, including Visual Studio Code, Microsoft Security Copilot, Microsoft Copilot Studio, and Microsoft Foundry.

The data exploration collection exposes tools for semantic table discovery (search_tables), running Kusto Query Language (KQL) queries against the data lake (query_lake), listing connected Sentinel workspaces (list_sentinel_workspaces), and AI-driven entity analyzers that reason over authentication patterns, threat intelligence, and behavioral data to produce verdicts on user and URL entities (analyze_user_entity, analyze_url_entity, get_entity_analysis). The entity analyzers consume Security Compute Units (SCUs) and require Security Copilot Contributor permissions.

The server itself is hosted by Microsoft at https://sentinel.microsoft.com/mcp/data-exploration and authenticates users via OAuth 2.0. The linked GitHub repository (microsoft/sentinel-data-exploration-mcp) primarily provides install badges and pointers to the official documentation rather than runnable source code, since the server runs as a managed Microsoft service.

Tools

Tool: Description

search_tables: Semantic search over the Sentinel data lake table catalog. Returns schemas of tables relevant to a natural language input so agents can author valid KQL queries.
query_lake: Executes a single KQL query against a specified Microsoft Sentinel data lake workspace and returns the raw result set. Intended for targeted investigative retrieval, not bulk export.
list_sentinel_workspaces: Lists all Microsoft Sentinel data lake workspace name and ID pairs available to the caller. Typically run first because most other tools need a workspaceId.
analyze_user_entity: Starts an AI analysis job that reasons over a user's authentication patterns, behavioral anomalies, and organizational activity to produce a verdict and detailed insights. Supports a maximum 7-day window. Requires the user to have a Microsoft Entra object ID.
analyze_url_entity: Starts an AI analysis job that reasons over Microsoft threat intelligence, custom TIP indicators, click/email/connection activity, and Sentinel watchlists to produce a verdict for a URL or domain.
get_entity_analysis: Polls for and retrieves the results of a previously started user or URL entity analysis. May need to be called multiple times for long analyses.

Setup Guide

Prerequisites

  • Onboarded Microsoft Sentinel data lake tenant.
  • An identity (user, managed identity, or service principal) with at least one of these roles: Security Reader, Security Operator, or Security Administrator.
  • For entity analyzer tools (analyze_user_entity, analyze_url_entity, get_entity_analysis): Security Copilot Contributor role. These tools consume Security Compute Units (SCUs).
  • An MCP-compatible client: VS Code, Microsoft Security Copilot, Microsoft Copilot Studio, or Microsoft Foundry.

Server endpoint

The data exploration collection is hosted at:

https://sentinel.microsoft.com/mcp/data-exploration

Authentication uses OAuth 2.0 against the signed-in Microsoft account.

Visual Studio Code setup

  1. Press Ctrl + Shift + P and select MCP: Add Server.
  2. Choose HTTP (HTTP or Server-Sent Events).
  3. Enter the server URL: https://sentinel.microsoft.com/mcp/data-exploration
  4. Assign a Server ID (for example, Microsoft Sentinel MCP server).
  5. Choose whether the server is available globally or per workspace.
  6. When prompted, select Allow and sign in with an account that has the Security Reader role (or higher).

The resulting VS Code mcp.json entry looks like:

{
  "servers": {
    "Microsoft Sentinel MCP server": {
      "type": "http",
      "url": "https://sentinel.microsoft.com/mcp/data-exploration"
    }
  }
}

For other clients (Security Copilot, Copilot Studio, Foundry), follow the platform-specific instructions in the Microsoft Sentinel MCP get-started guide.

Use Cases

  • Discover relevant Sentinel tables and their schemas from a natural-language description before authoring a KQL hunt.
  • Run targeted KQL queries against the Sentinel data lake to retrieve sign-in events, alerts, or device telemetry inline from an AI agent.
  • Investigate a suspected compromised user by triggering analyze_user_entity over a 7-day window and consuming the AI-generated verdict and behavioral insights.
  • Triage URL or domain IOCs from a threat report by running analyze_url_entity against organizational click, email, and threat intelligence data.
  • Build security agents that autonomously detect password spray, impossible travel, MFA failure spikes, or dormant account reactivation by orchestrating search_tables and query_lake calls.
Example Prompts

  • "List my Sentinel workspaces, then find sign-in failures in the last 24 hours and summarize the key findings."
  • "Find the top three users at risk in workspace X over the last 7 days and explain why they are at risk."
  • "Investigate users with a password spray alert in the last seven days and tell me if any of them are compromised."
  • "Identify devices that showed an outstanding number of outgoing network connections last week."
  • "Analyze the URLs in this threat analytics report and tell me everything Microsoft knows about them."
Pros

  • Official Microsoft-hosted server with no infrastructure to run, authenticated via the user's Entra ID.
  • Combines schema-aware semantic search with direct KQL execution, so agents can self-correct queries against the Sentinel data lake.
  • Includes managed AI entity analyzers for users and URLs that reason over Microsoft threat intelligence and behavioral data.
  • Works across multiple Microsoft and third-party MCP clients (VS Code, Security Copilot, Copilot Studio, Foundry).
Limitations

  • Requires onboarding to the Microsoft Sentinel data lake and appropriate Defender/Sentinel roles, so it is not usable without an existing Sentinel tenant.
  • Entity analyzer tools consume billable Security Compute Units (SCUs) and have preview thresholds that limit concurrent runs.
  • search_tables explicitly does not support a long list of custom (_CL) Sentinel tables, and analyze_user_entity does not support users that exist only in on-premises Active Directory (no Microsoft Entra object ID).
Alternatives