Control 3.9: Microsoft Sentinel Integration
Control ID: 3.9 | Pillar: Reporting | Regulatory Reference: OCC Heightened Standards, Fed SR 11-7, FINRA 4370, SOX 404 | Last UI Verified: February 2026 | Governance Levels: Baseline / Recommended / Regulated | Last Verified: 2026-02-03
Objective
Integrate AI agent monitoring with Microsoft Sentinel SIEM/XDR capabilities for enterprise-grade security visibility, automated threat detection, and centralized incident response. This control enables proactive security monitoring of agent behavior patterns and rapid response to anomalies.
Why This Matters for FSI
- OCC Heightened Standards: Require enhanced monitoring for technology risk
- Fed SR 11-7: Model risk management extends to AI agent security
- FINRA 4370: Business continuity requires security incident detection
- SOX 404: IT controls must include security monitoring
- Regulatory Expectations: Centralized SIEM demonstrates security maturity
Control Description
Microsoft Sentinel integration provides advanced security analytics for AI agents through data connectors, custom analytics rules, automated response playbooks, and proactive hunting capabilities.
Integration Options (February 2026)
Sentinel MCP Server (GA November 2025) provides the primary integration path for Copilot Studio agents, enabling natural language queries against Sentinel data. For monitoring Power Platform agent activity, use the Power Platform Admin Activity connector.
| Integration Path | Use Case | Log Analytics Table |
|---|---|---|
| Sentinel MCP Server | Agent queries Sentinel data via natural language | Sentinel data lake |
| Power Platform Admin Activity | Monitor agent admin events, DLP changes | PowerPlatformAdminActivity |
| Application Insights | Custom telemetry, conversation logs, CSAT | AppTraces, custom tables |
| Capability | Description |
|---|---|
| Data Connectors | Ingest logs from M365, Power Platform, Entra ID |
| Analytics Rules | Detect unusual agent behavior patterns |
| Workbooks | Visualize agent security posture |
| Automation | Respond to threats automatically |
| Hunting | Proactive threat investigation |
Key Detection Scenarios:
| Scenario | Detection Method | Response |
|---|---|---|
| Unusual data access | Baseline deviation | Alert + review |
| DLP violation | Policy match | Alert + suspend |
| After-hours activity | Time-based rule | Alert + log |
| Mass data download | Volume threshold | Alert + block |
| Runtime protection block | XDR alert from Defender/AI-SPM | Alert + investigate |
Key Configuration Points
- Deploy Microsoft Sentinel workspace in dedicated resource group
- Connect data sources: M365 Defender, Entra ID, Microsoft 365, Defender for Cloud Apps
- Enable Power Platform Admin Activity connector for administrative events
- Create analytics rules for agent anomalies: unusual access, DLP violations, after-hours activity
- Build workbooks for agent activity visualization and security metrics
- Configure automation rules for high-severity alerts (suspend agent, notify security)
- Develop hunting queries for proactive investigation
- Integrate incident management with Control 3.4
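The "After-hours activity" and "Mass data download" rows of the detection table above, expressed as one scheduled analytics rule query in KQL. This is an added example, not part of the control or of Microsoft's documentation; it assumes CopilotInteraction records land in OfficeActivity (as the data-source table states) with the standard TimeGenerated, UserId and RecordType columns, and the business hours, time zone offset and volume threshold are placeholder values to tune per zone.

```kql
// Added example (not from the control text): scheduled analytics rule query that
// combines the "After-hours activity" and "Mass data download" detection scenarios.
// Assumptions: CopilotInteraction records are in OfficeActivity; columns
// TimeGenerated, UserId and RecordType exist. Schedule: run hourly over the last hour.
let lookback = 1h;
let businessStart = 7;          // 07:00 local business start (placeholder)
let businessEnd   = 19;         // 19:00 local business end   (placeholder)
let tzOffset      = -5h;        // UTC offset of the business time zone (placeholder)
let volumeThreshold = 200;      // interactions per user per hour treated as "mass"
let interactions = OfficeActivity
    | where TimeGenerated > ago(lookback)
    | where RecordType == "CopilotInteraction"
    | extend LocalTime = TimeGenerated + tzOffset
    | extend LocalHour = hourofday(LocalTime);
// Scenario: any agent interaction outside business hours or on a weekend
// (dayofweek returns a timespan: 0d = Sunday, 6d = Saturday)
let afterHours = interactions
    | where LocalHour < businessStart or LocalHour >= businessEnd
        or dayofweek(LocalTime) in (0d, 6d)
    | summarize FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated),
                Events = count() by UserId
    | extend Scenario = "After-hours activity", Response = "Alert + log";
// Scenario: per-user interaction volume above the hourly threshold
let massDownload = interactions
    | summarize FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated),
                Events = count() by UserId
    | where Events > volumeThreshold
    | extend Scenario = "Mass data download", Response = "Alert + block";
// One result row per user per triggered scenario; map UserId to the entity
// (Account) in the rule's entity mapping so incidents group by user.
union afterHours, massDownload
| project TimeGenerated = LastSeen, UserId, Scenario, Response, Events, FirstSeen
| order by TimeGenerated desc
```

Set the rule's alert threshold to "greater than 0 results" and attach the automation rule for the zone (suspend agent, notify security) to the Scenario value so the "Alert + block" response only fires for the volume case.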
Three Data Ingestion Pathways
Organizations have three primary pathways for ingesting agent-related telemetry into Sentinel:
| Pathway | Best For | Data Coverage | Setup Complexity |
|---|---|---|---|
| Power Platform Admin Activity | Administrative oversight | Environment changes, DLP policy events, agent metadata | Low |
| Purview Unified Audit Log | Compliance and interaction monitoring | CopilotInteraction events, XPIA/Jailbreak detections, resource access | Medium |
| Defender CloudAppEvents | Security operations | Runtime threat detections, cloud app activity, alert correlation | Medium |
Pathway Selection
Most FSI organizations implement all three pathways: Power Platform Admin Activity for governance, Purview UAL for compliance evidence (FINRA 4511), and CloudAppEvents for security operations (OCC Heightened Standards).
Available Data Sources for Agent Monitoring
| Data Source | Connector | Log Analytics Table | What's Captured |
|---|---|---|---|
| Power Platform Admin Activity | Power Platform Admin Activity | PowerPlatformAdminActivity | Admin actions, DLP changes, environment events, agent metadata changes |
| Purview Unified Audit Log | Microsoft 365 | OfficeActivity (CopilotInteraction) | Agent interactions, XPIA/Jailbreak detections, resource access status, policy blocks |
| M365 Defender | Microsoft 365 Defender | DeviceEvents, AlertInfo | XDR alerts including AI-SPM detections |
| Entra ID | Entra ID | SignInLogs, AuditLogs | Agent identity sign-ins, consent grants |
| Defender for Cloud Apps | Defender for Cloud Apps | CloudAppEvents | Cloud app activity, shadow IT detection, UPIA/XPIA flags |
| Application Insights | Custom (Log Analytics workspace link) | AppTraces, AppRequests | Agent telemetry, conversation logs, CSAT (requires custom setup) |
Microsoft Copilot Data Connector (GA)
Microsoft Sentinel now includes a dedicated Microsoft Copilot data connector that ingests Copilot-specific telemetry without requiring manual configuration of individual data sources. This connector provides:
- Copilot prompt and response metadata (not content)
- Agent interaction telemetry
- Copilot usage patterns and anomaly detection signals
- Integration with Sentinel analytics rules for automated threat detection
Configure at the Defender portal (security.microsoft.com) > Microsoft Sentinel > Data connectors > Microsoft Copilot.
Sentinel MCP Server Integration (Primary Path)
The Sentinel MCP (Model Context Protocol) Server provides native integration between Copilot Studio agents and Microsoft Sentinel, enabling natural language security queries.
Configuration Steps:
- Navigate to Copilot Studio > Select agent > Tools
- Add the Sentinel tool collection from available MCP servers
- Configure Microsoft Entra authentication for the Sentinel workspace
- Test with natural language queries (e.g., "Find the top 3 users at risk")
Capabilities:
| Feature | Description |
|---|---|
| Natural language queries | Translate security questions to optimized data lake queries |
| Incident investigation | Agent assists with threat analysis and triage |
| Alert summarization | AI-powered summaries of security incidents |
| Hunting assistance | Guided threat hunting with Copilot |
Requirements
Sentinel MCP Server requires Microsoft Entra authentication and incurs AI model costs. Data residency follows the connected Sentinel workspace region.
Custom Integration for Comprehensive Telemetry
For organizations requiring conversation-level monitoring beyond administrative events:
Copilot Studio Agent
↓
Application Insights (custom telemetry)
↓
Log Analytics Workspace
↓
Microsoft Sentinel (analytics rules, workbooks)
Implementation Steps:
- Configure Application Insights in Copilot Studio agent settings
- Enable sensitive activity property logging (see warning below)
- Link Application Insights to Log Analytics workspace
- Create custom analytics rules against AppTraces and custom event tables
- Build Sentinel workbooks for conversation metrics and CSAT trends
Sensitive Properties Required for Conversation Content
By default, Copilot Studio's Application Insights integration sends sanitized telemetry — event metadata without conversation text. To capture actual conversation content (prompts, responses, user IDs) required for FINRA 4511 recordkeeping, the following settings must be enabled:
- Copilot Studio > Agent > Settings > Advanced > Application Insights > enable "Log sensitive activity properties" — includes PII and conversation text in telemetry payloads
- Power Platform Admin Center > Environments > [Your Environment] > Settings > Product > Features > enable "Allow conversation transcripts" — tenant-level prerequisite that can block downstream telemetry if disabled
Without these settings, the customEvents table in Application Insights will show event occurrences (e.g., BotMessage, UserMessage) but with empty text fields, creating incomplete audit records that do not satisfy recordkeeping requirements.
PII Governance Note: Enabling sensitive properties routes PII into Application Insights. Ensure the Application Insights resource has appropriate access controls, data retention policies aligned with zone requirements (see Control 1.7), and is included in your organization's data governance scope.
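A KQL verification query for the empty-text condition described above, run in the Application Insights resource after the two settings are enabled. This is an added example, not from the control; it assumes the conversation text is carried in the customDimensions.text property of the customEvents table, so adjust the property name to match your Telemetry Schema Reference.

```kql
// Added example (not from the control text): checks whether BotMessage/UserMessage
// events still arrive with empty conversation text, i.e. the incomplete audit
// records that do not satisfy recordkeeping requirements.
// Assumption: Copilot Studio writes the message text to customDimensions.text.
let window = 7d;
customEvents
| where timestamp > ago(window)
| where name in ("BotMessage", "UserMessage")
| extend MessageText = tostring(customDimensions["text"])
| summarize Total = count(),
            EmptyText = countif(isempty(MessageText)),
            FirstEvent = min(timestamp),
            LastEvent = max(timestamp)
    by name
| extend EmptyPercent = round(100.0 * EmptyText / Total, 1)
// Non-zero EmptyText after "Log sensitive activity properties" is enabled usually
// means the tenant-level "Allow conversation transcripts" prerequisite is still off.
| project name, Total, EmptyText, EmptyPercent, FirstEvent, LastEvent
| order by EmptyPercent desc
```

Keep this query as evidence for the Verification & Testing playbook: a run showing EmptyText = 0 for both event names after the change date documents that conversation content is being retained.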
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Basic logging; monthly review | Low-risk, minimal monitoring |
| Zone 2 (Team) | Analytics rules; weekly workbook review | Team data exposure |
| Zone 3 (Enterprise) | Full detection suite; real-time alerting; automated response | Customer-facing, highest security need |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Entra Security Admin | Sentinel deployment, connector configuration |
| Security Operations | Monitor alerts, investigate incidents |
| AI Governance Lead | Define detection requirements, review workbooks |
| Power Platform Admin | Ensure log ingestion, workspace health |
Related Controls
| Control | Relationship |
|---|---|
| 1.7 - Audit Logging | Data source for Sentinel |
| 1.8 - Runtime Protection | Threat signals integration |
| 1.24 - AI-SPM | AI security alerts and attack paths |
| 3.4 - Incident Reporting | Incident workflow integration |
| 3.7 - Security Posture | Complementary security view |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Agent Usage & Performance Workbook
The Agent Usage & Performance Workbook uses Application Insights as its data source — the same telemetry pipeline that feeds Sentinel integration. Organizations using both tools gain complementary visibility: the workbook provides operational dashboards while Sentinel handles security alerting and incident response. See the Telemetry Schema Reference for data field mappings.
Verification Criteria
Confirm control effectiveness by verifying:
- All required data connectors show "Connected" status with recent data
- Analytics rules for agent anomalies are enabled and generating alerts
- Workbook displays agent activity metrics without errors
- Automation rules execute successfully on test alerts
- Hunting queries return results from recent agent activity
- Incidents integrate with incident tracking system (Control 3.4)
Additional Resources
Portal Transition Update (February 2026)
Microsoft extended the Sentinel Azure portal deprecation timeline. Sentinel will no longer be supported in the Azure portal after March 31, 2027 (previously July 2026). Organizations should plan their transition to the Microsoft Defender portal accordingly.
- What is Microsoft Sentinel
- Microsoft Sentinel Data Connectors
- Create Custom Analytics Rules
- Microsoft Sentinel Workbooks
- Automation Rules
Updated: February 2026 | Version: v1.2 | UI Verification Status: Current