Microsoft Sentinel vs Microsoft Defender vs Copilot for Security - which Zero Trust tool do you need?

Mario Gama, Practice Leader

Speaking at a recent Cybersecurity Summit, Microsoft CEO Satya Nadella explained that: “we've spent years building our zero trust approach internally at Microsoft… We are committed to sharing what we have learned to help every organization accelerate their progress”.

Microsoft Sentinel and Microsoft Defender for Cloud, and more recently Microsoft Copilot for Security, are tools the technology company has released to help companies “accelerate their progress” towards world-class security.

All three can be used in the development of an extremely successful Zero Trust security strategy, so it can be unclear which you should use, or how. Let’s learn more about these solutions, and how they work together to support Zero Trust.

What is Zero Trust?

Before comparing the Microsoft solutions, it’s helpful to understand their purpose. Essentially, all of these technologies can be used to support a Zero Trust security model.

Zero Trust means exactly what the name implies. It’s a security model where people (or devices) who enter your company’s IT network must continually prove that they are who they say they are. Just because they’ve correctly logged in once, they are not implicitly trusted.

To understand Zero Trust, it’s helpful to compare it with the traditional security model:

Traditional security

Someone enters your systems with a username and the correct password. You implicitly trust that this person is a ‘good actor’ because they’ve got the correct login credentials. Once they’re inside, they can do whatever they want on your network.

If a hacker has entered your systems, there are almost no checks to prevent them doing any more damage.

Zero Trust model

Someone enters your systems with the correct credentials. However, they are only given access to files or systems that they have been given permission to view. If they want to explore more of your network, they need to prove who they are again. They must regularly confirm their identity – often using very advanced authentication methods (such as with biometrics).

If a hacker has entered your system, their progress will continually be slowed or stopped.

Why do we need Zero Trust?

Today, people often work outside the company network, using different devices and on networks with an unknown security level. Therefore, a more rigorous approach to security is required.

At the same time, attacks are increasingly heterogeneous, spanning different parts of the enterprise and various resource types. For example, they might start from an IoT device, proceed to an endpoint, spread to a cloud service or a database, and involve multiple user accounts or tenants, etc.

Three Microsoft solutions for Zero Trust

If your organisation primarily uses Microsoft technology, then Microsoft Defender, Microsoft Sentinel, and Microsoft Copilot for Security are three solutions that help support a Zero Trust model across your environment. They have several things in common, but each has a slightly different purpose.

What is the difference between Microsoft Defender, Microsoft Sentinel and Microsoft Copilot for Security?

If you have not used Microsoft Sentinel, Copilot, or Microsoft Defender before, you might be unsure about the differences between the products and how they should be used. Putting it simply:

  • Microsoft Defender is a source of recommendations, alerts, and diagnostics.

  • Microsoft Sentinel helps with threat hunting, automated playbooks, and incident response, as well as assistance with manual incident investigations.

  • Copilot for Security is a tool that supports cybersecurity staff to enact policies and discover issues.

Note that these products are highly complementary and can be easily enabled due to out-of-the-box integration.

A complete set of tools to support Zero Trust

If your organisation is looking to implement a Zero Trust security model, then Microsoft Sentinel and Microsoft Defender can contribute towards that ambition. And Copilot for Security can accelerate your adoption and management. By configuring them to your organisation’s needs and context, all these technologies provide powerful methods for making a secure, Zero Trust model possible.

Looking to implement Zero Trust across your IT network? SoftwareOne can help. Our highly experienced teams can support you to configure Zero Trust solutions like Sentinel, Defender and Copilot - and ensure your systems are secure.


