Microsoft Sentinel is moving – are you ready for the 2026 deadline?
This blog covers Microsoft’s plan to move all Sentinel workspaces from the Azure portal to the Microsoft Defender portal by 1st July 2026. More than a visual update, this shift unifies Microsoft’s security tools into a single platform, streamlining workflows and improving integration. Claranet is helping organisations prepare with tailored transition plans to ensure a smooth, secure, and efficient migration.
By 1st July 2026, Microsoft will transition all Sentinel workspaces into the Microsoft Defender portal and any remaining customers using the Azure portal will be automatically redirected.
This is more than a surface-level change, it marks a major step in Microsoft’s drive to unify its security ecosystem. Whether you’re a day-to-day Sentinel user or simply rely on the insights it delivers, this shift will likely impact how your teams work and how incidents are managed.
What’s changing?
As Microsoft consolidates its security tools, Sentinel is moving from the Azure portal into the Microsoft Defender portal, joining services like Defender for Endpoint, Identity, and more.
Microsoft Sentinel is generally available in the Microsoft Defender portal, including for customers without Microsoft Defender XDR or an E5 license. This means that you can use Microsoft Sentinel in the Defender portal even if you aren't using other Microsoft Defender services.
Here’s what this means for your organisation:
- One central hub for security operations: incident response, alert management, and investigation all accessible in one place
- Streamlined analyst workflows: a UI designed around real-world SOC processes to reduce time to action
- Tighter tool integration: seamless pivots between Defender products and Sentinel data for faster triage
- A more consistent user interface: simpler onboarding and a unified look across Microsoft’s security stack
This new experience is built with speed, visibility, and efficiency in mind. But, like any major change, it needs careful planning. What should organisations be doing?
With the deadline set for 1st July 2026, now is the time to start preparing. Depending on how your environment is set up, this shift could affect everything from Iincident management and reporting to internal processes and user access.
If you're unsure how this migration might impact your teams, tools, or workflows, we can help you assess the impact, define your next steps, and stay ahead of the curve.
That’s where Claranet come in.
Plan your Sentinel migration with confidence
We’re helping organisations prepare for this shift, not just from a technical standpoint, but from an operational one too.
The Microsoft Defender portal correlates millions of signals from Defender products, Microsoft Sentinel, Microsoft security research, and threat intelligence to identify attacks in progress.
We’re already working with clients to build tailored transition plans that ensure continuity, clarity, and control throughout the process.
Claranet is working to ensure, this shift which could affect everything from ticketing and reporting to internal processes and user access is seamless for all customers
Want to talk it through?
Related articles
Reports of Scattered Spider attacks on US insurance firms
Compromising email logins and backup keys from online error messages
How to get the most out of a penetration test scoping exercise
How many disguises would you pack to break into a data centre?
How to create a bespoke risk-based testing strategy