SOAR on Azure Now Available
The market-leading momentum of our partnership and ongoing engineering roadmap with Microsoft continues! Splunk Security Orchestration, Automation and Response (SOAR) is now available as a native SaaS solution on Azure, enabling customers to even further improve their security posture and create greater digital resilience. Splunk SOAR on Azure acts as the efficiency engine for SOC analysts by connecting Azure services and third-party tools, automating workflows and tasks, and speeding response times.
Microsoft customers will also be happy to know that SOAR is available in the Azure Marketplace, and they can apply their Microsoft Azure Consumption Commitment (MACC) towards the investment in their digital resilience and security stack.
The combination of SOAR on Azure with Splunk Enterprise Security 8.0 equips SOC teams with complete Threat Detection, Investigation, and Response (TDIR) capabilities for their Azure stack. “SOAR on Azure completes our customers’ Threat Detection, Investigation, and Response (TDIR) capabilities on Azure,” says Brad Murphy, VP of Platform Engineering at Splunk. “Partnering with Microsoft enables customers to have the cloud flexibility they want with consistency across Splunk capabilities, performance, and reliability wherever they are deployed.”
SOAR on Azure delivers all the capabilities, features, and use cases that are natively available to your Azure environment, for both Microsoft-specific and numerous third-party security workloads and tasks. Security and IT teams that use Microsoft cloud services can natively use SOAR on Azure to automate and orchestrate common Microsoft-centric scenarios including:
- Incident response by automatically ingesting security alerts from services like Microsoft Sentinel, Microsoft Graph, and Microsoft Defender for Cloud.
- Security alerts by querying and pulling data from Microsoft Entra ID, Azure Monitor, and Azure Log Analytics.
- Containment and mitigation of threats detected in Azure Firewalls, Network Security Groups, and Defender for Cloud.
- Compliance reports generated from Azure compliance data and Azure security control audits.
- Workflow automation using predefined and custom SOAR playbooks for repetitive security tasks.
Customer Momentum Continues
While our engineering teams have been hard at work co-developing Splunk solutions on Azure, our enterprise account teams have been equally successful in helping customers realize the value of Splunk and Microsoft. Our latest joint customer success story is a major US private research university with a massive student body and faculty.
Splunk and Microsoft worked with the CIO and IT leaders to demonstrate the roadmap from on-premises to Azure. They visualized how to achieve the desired state of a scalable, secure infrastructure powered by Azure and Splunk. The university also established its first MACC agreement, which further solidified its commitment to Microsoft and was used to invest in Splunk on Azure through the Azure Marketplace.
Splunk and Microsoft are experiencing similar customer momentum with other large institutions and enterprises with complex IT environments and security requirements across manufacturing, retail, banking and financial services, and higher education. Organizations with significant investments in Microsoft solutions including Azure, Microsoft 365, Teams, and Copilot are especially well suited to take advantage of Splunk on Azure capabilities for maximizing their IT modernization strategy on Azure.
How Can Splunk on Azure Help You?
Splunk and Microsoft help customers improve their security posture and create greater digital resilience as they migrate their IT security and observability workloads to the cloud. The Splunk on Azure portfolio already included Splunk Cloud Platform on Azure, Splunk Enterprise Security, and Splunk IT Service Intelligence (ITSI), which were announced at Microsoft Ignite. SOAR on Azure, along with the existing Search Head Clustering capabilities in Enterprise Security 8.0, adds even more ways for Azure customers to strengthen digital resilience and security in the cloud.
At the digital resilience level, Splunk on Azure creates an enterprise-wide, unified view of security operations by ingesting data from all sources, Microsoft and others, even in hybrid cloud environments. When it comes to cloud migrations and AI adoption, Splunk’s AI-powered data platform offers an unmatched level of comprehensive visibility and predictive analytics of your data sources, both on-premises and in Azure. Furthermore, by using Splunk as a SaaS offering on Azure, IT gains more value and cost savings on Azure by leveraging MACC agreements and purchasing Splunk through the Azure Marketplace.
Some of the important use cases to consider for Splunk on Azure include:
- Gaining foundational visibility across environments, workloads, and data sources. Splunk enables you to search, monitor, and investigate real-time security threats and observe how mission-critical apps and infrastructure are behaving for faster troubleshooting.
- Responding proactively to issues by automating security responses and incident investigations to prevent outages, performance degradations, or negative user experiences.
- Unifying security workflows and tasks so that SOC teams can operate more efficiently using automation, observability tools, proven best practices, and playbooks.
- Detecting threats with guided insights that use AI to reduce noise, provide context, and identify issues before they become a problem.
Microsoft-focused IT teams will appreciate how tightly embedded and integrated Splunk solutions are with popular Microsoft services, including built-in dashboards and monitoring for Azure and Microsoft 365 resources and dedicated use cases for Splunk Security Essentials in Azure.
Enhance Security and Digital Resilience with Splunk and Microsoft
With Splunk on Azure, customers and partners can detect, investigate, and respond at scale using Splunk solutions natively built on Azure. It’s how we help you build a safer, more resilient digital world. For a more in-depth look at SOAR, watch the Splunk Tech Talk, SOC Modernization: How Automation and SOAR are Shaping Next-Gen Security Teams, or visit Splunk on Azure to learn more.