NewReal-time incident board is live
How it works

From consent to coverage, end to end.

A clear path from onboarding a client to actively defending them — with nothing to deploy on their side.

01

Connect a client tenant

An admin generates a Microsoft admin-consent link and sends it to the client's Global Administrator. One click grants SentinelHub read-only access to that tenant's Defender data — scoped to exactly the permissions it needs, nothing more.

  • Encrypted state ties consent to your org
  • Defender products auto-detected
  • Tenant limits enforced per plan
02

Sync security data

Once connected, alerts, incidents and Secure Scores flow in automatically. Microsoft Graph webhooks push new alerts the moment they fire, while a background worker keeps everything in sync and creates each new tenant's subscriptions. Need a refresh now? Hit “Sync now”.

  • Real-time webhook push
  • Scheduled background sync
  • On-demand sync per tenant
03

Monitor & triage

Work from one console: filter the unified alert feed, drag incidents across the board, assign analysts, and drill into evidence and MITRE techniques. Every status change and note lands in a timeline.

  • Filterable alert table
  • Drag-and-drop incident board
  • Score trends and comparison
04

Get notified & respond

Notification rules send the right alerts to email, Slack or Teams — filtered by severity and tenant, with cooldowns to cut noise. Critical alerts also surface instantly in-app via live toasts.

  • Rules per trigger, severity, tenant
  • Slack / Teams / email
  • Live in-app toasts
How it works — SentinelHub