How To Get Rich, Real-time Endpoint Data Directly From the Sentinel Console


Observers of cybersecurity innovation, specifically within Microsoft’s ecosystem, have probably already heard that Tanium, a provider of converged endpoint management (XEM), recently announced the first of several powerful integrations between Microsoft and their Tanium XEM platform. This new integration and the promise of future ones mark the latest expansion in a relationship that includes Tanium’s membership in the Microsoft Intelligent Security Association (MISA) and its availability in the Microsoft Azure Marketplace.

Rob Jenks, SVP of corporate strategy at Tanium, said, “We’re excited to continue to expand our relationship with Microsoft. Already we work together to make Microsoft environments healthier and more secure by reducing risks for customers and protecting their investments in Azure, and soon we’ll be releasing a series of powerful integrations with Microsoft tools in addition to our Sentinel Integration.”

Extending Sentinel’s Security Capabilities

This enhanced partnership is of particular interest because it provides much-needed functionality by allowing IT and security organizations to automatically detect, investigate, triage, prioritize, and remediate threats directly from the Sentinel console. This integration extends Sentinel’s advanced security and analytics capabilities, reduces the number of false positives that require disposition, and allows security practitioners to more accurately identify threats that security teams might otherwise have missed.

Accurate Real-time Threat Hunting

The Tanium integration with Sentinel allows for active threat hunting. With Tanium’s detailed real-time data taken directly from the endpoint, security practitioners can better contextualize and correlate alerts sourced from both Microsoft and Tanium with almost no delay across an entire IT environment. They get accurate real-time data rather than information that may no longer be correct due to inherent latency. Additionally, Tanium gives incident responders the ability to take immediate action on alerts as they happen. These actions include quarantining a device, deploying a patch, or updating software from the Sentinel console. Users benefit from proactive, predictive, automated management of their entire IT stack.

Address Vulnerabilities at Scale

Microsoft Corporate VP of Cybersecurity Ann Johnson recently said in an interview with Tanium CEO Orion Hindawi (see the video interview below), “We don’t cover [patching for] the entirety of the customer’s estate today. And having a solution like Tanium that can really quickly address these vulnerabilities at scale and can cover all of the third-party applications that we don’t have a solution for, combined with the capabilities that we have, gives our customers the confidence that they can address things that are as big and bold as Log4j, which has a very, very long tail. And that, to me, is an incredibly important part of the relationship because vulnerabilities are going to continue to be exploited by nation-state actors and by cyber criminals. But having this capability that’s combined between the two companies will allow our customers to patch much more quickly and be able to identify the vulnerable assets in their environment.” 

Ensure Microsoft’s Solutions are Highly Available

Tanium’s integration with Sentinel allows Microsoft customers to monitor and ensure that their Microsoft solutions are highly available and operate optimally. With Tanium’s real-time distributed architecture, customers can independently verify that all Microsoft services are appropriately deployed and up-to-date and validate that they are fully performant on every endpoint. If needed, customers can easily deploy a patch or quarantine a device in seconds to ensure they get the most out of their Microsoft investments.

Looking Forward

Ann Johnson talked about the future between Tanium and Microsoft and said, “We are going to announce [another] integration between Tanium and Microsoft’s Conditional Access solutions at Ignite in October. This is going to unlock some of that real-time data evaluation. If you think about how Conditional Access works within our Microsoft Entra suite with our Azure active directory platform, it actually is taking a real-time snapshot of the threat environment that your workers are working in. Having Tanium be able to access that data and make decisions around that data across the entirety of your state is incredibly powerful. It’s those types of direct integrations and those types of deep integrations that are going to help our customers just simply be more secure.”

In addition to joining MISA, Tanium is available in the Microsoft Azure Marketplace. Customers can purchase and provision Tanium directly from the marketplace and apply the purchase to their Microsoft Azure Consumption Commitments.


About Tanium

Tanium, the industry’s only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, Compliance, Security, and Risk into a single platform that delivers comprehensive visibility across devices, a unified set of controls, and a common taxonomy for a single shared purpose: to protect critical information and infrastructure at scale. Tanium has been named to the Forbes Cloud 100 list for seven consecutive years and ranks on Fortune’s list of the Best Large Workplaces in Technology. In fact, more than half of the Fortune 100 and the U.S. armed forces trust Tanium to protect people, defend data, secure systems; and see and control every endpoint, team, and workflow everywhere. That’s the power of certainty. Visit www.tanium.com and follow us on LinkedIn and Twitter.


Steven Bowcut is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications. Follow and connect with Steve on Twitter, Instagram, and LinkedIn.