From consent to coverage, end to end.
A clear path from onboarding a client to actively defending them — with nothing to deploy on their side.
Connect a client tenant
An admin generates a Microsoft admin-consent link and sends it to the client's Global Administrator. One click grants SentinelHub read-only access to that tenant's Defender data — scoped to exactly the permissions it needs, nothing more.
- Encrypted state ties consent to your org
- Defender products auto-detected
- Tenant limits enforced per plan
Sync security data
Once connected, alerts, incidents and Secure Scores flow in automatically. Microsoft Graph webhooks push new alerts the moment they fire, while a background worker keeps everything in sync and creates each new tenant's subscriptions. Need a refresh now? Hit “Sync now”.
- Real-time webhook push
- Scheduled background sync
- On-demand sync per tenant
Monitor & triage
Work from one console: filter the unified alert feed, drag incidents across the board, assign analysts, and drill into evidence and MITRE techniques. Every status change and note lands in a timeline.
- Filterable alert table
- Drag-and-drop incident board
- Score trends and comparison
Get notified & respond
Notification rules send the right alerts to email, Slack or Teams — filtered by severity and tenant, with cooldowns to cut noise. Critical alerts also surface instantly in-app via live toasts.
- Rules per trigger, severity, tenant
- Slack / Teams / email
- Live in-app toasts