Microsoft’s Vasu Jakkal On Why Sentinel Is Now The ‘Backbone For Agentic Defense’

In an interview with CRN, Jakkal says that the introduction of Sentinel data lake and other new capabilities aims to make the platform much more than a SIEM.

Microsoft is transforming its Sentinel platform to become a centerpiece of the tech giant’s cybersecurity strategy for the AI and agentic era, top Microsoft security executive Vasu Jakkal told CRN.

Originally a cloud-native SIEM (security information and event management) offering, Sentinel is becoming a platform with much broader relevance through the introduction of Sentinel data lake and other new capabilities focused on enabling agentic-powered security, according to Jakkal, corporate vice president for security, compliance, identity, management and privacy at Microsoft.

“I think of it as, Sentinel is the foundation, the backbone for agentic defense,” Jakkal said in an interview with CRN.

On Tuesday, Microsoft announced updates including general availability for its Sentinel data lake and forthcoming new features such as a Sentinel graph capability and Sentinel Model Context Protocol (MCP) server.

Meanwhile, Microsoft also disclosed functionality in Security Copilot that provides users with a no-code approach to building security agents.

Ultimately, “for agentic defense, you need an end-to-end, agentic platform, which is the Microsoft security platform with Sentinel and Copilot,” Jakkal said. “I think for our partners, my call to action is, let's go create.”

What follows is an edited portion of CRN’s interview with Jakkal.

What’s the biggest message from your announcements on Sentinel and Security Copilot when it comes to AI and agentic?

We believe that in this agentic AI [transition], we have to secure agentic AI end-to-end. And that's where we are marching [toward]. And for that, we need an AI-first, end-to-end platform. Sentinel is that platform with agentic capabilities. And then Security Copilot is going to be critical, because we do want to use an agentic workforce for our defense as well.

Security is going to be the tip of the spear for AI. It is going to be the most critical thing for us to do, because it's directly related to trust. So if we don't do security right, we can't really trust well — and if we don't do trust well, we can't really unlock the potential of AI.

But organizations also want to have a unified pane of glass where they can connect with all of these tools and technologies. And so with Sentinel, now you can easily connect with these tools. Secondly, with the agentic layers in Sentinel, you can develop your own agents and get access through the MCP server. … We also give our customers this unified data, which is cost-effective for them to surface. And it kind of ushers in the next era of innovation with security agentic AI.

With Sentinel getting a bigger role here, do you see the platform being even more at the center of everything you're looking to do on security going forward?

It is. Sentinel started as a SIEM, so it's journeyed from SIEM to data lake. But one of the most important things that we're announcing is this [Sentinel] graph capability. It's not just Defender where this graph shows up — Sentinel is going to integrate with Purview and the other products that we have, so that it's just the backbone of everything we do. The security practitioners who are using the tools — whether you're using Defender or Purview or Entra, Intune — you can get the benefit of Sentinel through the technologies you use. And that's the same thing for Copilot. So I think of it as, Sentinel is the foundation, the backbone for agentic defense. Copilot is that universal interface — it is that easy button which helps us with agents.

Getting security tools to work better together has already been a major focus, but do you think AI is the impetus to even accelerate that?

On average we see 40-plus tools. So there's a lot of fragmentation, and there's a huge talent shortage. So when you have such high fragmentation, and you don't have the people to stitch it together, and then the data is all fractured — many organizations have multiple clouds, they have multiple platforms, multiple tools — it's just really hard.

And for securing AI, I'm a big believer that you've got to secure end-to-end, you've got to get the foundations right. And it starts with really understanding your assets, your activities. That requires great data. And so with Sentinel, now we have this one unified security data lake integrating with 350-plus connectors, so you can bring all those tools, federated with Google Cloud and AWS data, so you don't have to stitch it all together. We are doing that for you, and so that helps. And then, of course, with Defender, Purview and Entra, Intune, we’ve been on a consolidation journey, where it makes sense.

[We want to] skate where the puck is going, and the puck is going to an agentic world. Microsoft is predicting 1.3 billion agents by 2028, and 82 percent of the leaders we talk to are in the process of using agents or planning to use agents in the next 12 to 18 months. And I do believe security is one of the best use cases for agentic AI, because security has always been asymmetric. So now we can use the superpowers of agentic AI for security.

It starts with having a platform. So this MCP server is a big deal, because now agents can access data. Because if they don't have the data, they're not going to be able to really unlock their own potential. I also believe that's why defenders are going to have an advantage over attackers in agentic AI, because of this data advantage that we have.

What would be the biggest things you think partners and customers need to be investing in now to stay ahead and get as proactive as possible?

The headline for our partners and our customers is that for agentic defense, you need an end-to-end, agentic platform, which is the Microsoft security platform with Sentinel and Copilot. I think for our partners, my call to action is, let's go create. Get on the platform, get the APIs, start connecting. We’re providing all this data, so you don't need to build all that data. You don't have to invest in that. We're also making it cheaper, because we announced [Sentinel] data lake. We are making the MCP server available. We are making semantic indexing available. We are making agentic orchestration available. So this is for [the] partners. In [the past], the barrier to entry for attackers was very low, and the barrier to become a defender was very high. We are lowering the barrier to entry for everyone to become a defender … We want to make it easy, and we want defenders everywhere to have an edge.