Advancing AI, Automation, and Sovereign Cloud: What’s New in the Splunk + Microsoft Partnership

Partners Jason Conger

Key takeaways

  1. Modern networks generate massive amounts of data, but outages drag on for hours because each team only sees their own slice — no one has a unified view across all domains.
  2. Splunk ITSI solves this by combining telemetry from all infrastructure layers into a single service health score, turning thousands of raw alerts into one actionable incident with a clear root cause.
  3. This unified approach shifts teams from reactive firefighting to proactive problem detection, catching issues before users notice — and cutting resolution time from over an hour to minutes.

Organizations are racing to become Frontier Firms, where humans and AI agents work side by side to drive faster decisions and new ways of operating.

But one thing is clear: there’s no single way to build, deploy, or run the technology of a Frontier Firm. Teams will use different AI tools. Data continues to span across clouds and platforms. And rapidly changing geopolitical conditions and new regulatory requirements are accelerating the need for data sovereignty with options like Microsoft Azure Local.

Splunk and Microsoft are evolving our partnership to meet these realities by delivering new capabilities across AI, SecOps, development, and cloud environments that give customers more flexibility in how they work and where they operate.

From AI-powered workflows that turn insights into action to sovereign cloud deployments, here’s what’s new—and why it matters.

Flexibility in the AI Era Matters

The next wave of enterprise transformation is not about choosing a single platform. It is about operating across an ever-changing ecosystem.

Organizations are adopting AI at different speeds and entry points, managing hybrid and multi-cloud environments, and navigating new data sovereignty and compliance requirements.

Flexibility is no longer optional. It is foundational.

Splunk and Microsoft are addressing this by enabling a model where customers can work in the AI tools they prefer and deploy solutions in the environments that best meet their needs.

Meeting Users Where They Are: Splunk AI and the Microsoft Copilot Ecosystem

AI is only valuable if it fits into how teams actually work.

That’s why Splunk and Microsoft are enabling multiple ways to interact with Splunk data using AI, without forcing users into a single interface.

With Splunk AI Assistant, teams that routinely operate within Splunk benefit from an experience that is purpose-built and optimized for Splunk environments. These agents are trained specifically to understand and generate SPL queries, helping users move faster with greater accuracy and confidence within their existing workflows.

Conversely, the Microsoft Security Copilot Plugin for Splunkenables users who primarily work within the Microsoft ecosystem to interact with Splunk data directly from their familiar environment. Through natural language prompts, they can investigate incidents, run queries, and access insights without switching tools.

Whichever method you choose, the outcomes are:

Accelerating Innovation: Building Faster with GitHub Copilot

AI is not just changing how users interact with data. It transforms how solutions are built.

With GitHub Copilot, teams can create Splunk apps and integrations significantly faster than before. Development projects that once took weeks can now be completed in hours, or even minutes, unlocking:

This shift makes development more accessible across teams, enabling more users to move from ideas to working solutions without heavy development or engineering overhead. In practice, it brings innovation closer to the people who need it most.

From Interaction to Action: The Rise of Agentic AI

As AI capabilities mature, the focus shifts from interaction to orchestration. Rather than simply responding to queries, AI systems are beginning to:

New approaches are enabling these systems to connect across tools and data sources more seamlessly, bringing platforms like Splunk into broader AI-driven workflows.

This evolution positions Splunk as a critical part of the AI ecosystem—powering insights and actions across environments, not just within a single interface.

Extending Flexibility to Infrastructure: Azure Local and Sovereign Cloud

The need for flexibility does not stop at how teams work with AI. It also extends to where systems run and data lives.

With Microsoft Azure Local, organizations can deploy cloud environments on their own infrastructure to meet evolving data residency, compliance, and operational requirements. As geopolitical dynamics and regulatory expectations continue to shift, more organizations are prioritizing greater control over where their data lives.

Customers can now deploy Splunk in Azure Local, extending Splunk observability and security operations into sovereign, private, and even disconnected air-gapped deployments. This is especially important for industries such as government, telecom, and regulated enterprises, where requirements often limit how and where certain cloud-native services can be used.

By supporting Azure Local, Splunk provides a flexible SIEM and observability platform that helps organizations maintain visibility, security, and control across hybrid, private, and sovereign environments.

Strengthening the Partnership: Expanding Together

As Splunk expands its presence across Azure, the partnership with Microsoft continues to deepen. Recent advancements, including Azure Marketplace availability and Splunk co-sell readiness, provides customers with faster access to joint solutions, greater flexibility in how you purchase, and more options for deploying, integrating, and scaling your environment.

Together, Splunk and Microsoft are making it easier to turn strategy into execution, helping you move faster, reduce complexity, and get more value from your data.

Bringing It All Together

Across AI, development, and cloud environments, Splunk and Microsoft are building a more flexible model for modern Frontier Firms. One where:

From how users interact with AI to where systems are deployed, the goal remains the same: deliver the speed, control, and adaptability required to thrive in an increasingly complex digital landscape.

See It in Action

Splunk and Microsoft will be showcasing these innovations at Cisco Live 2026 (May 31- June 4 in Las Vegas) and Microsoft Build 2026 (June 2 – 3 in San Fransico).

Join us to explore real-world use cases, see the technology in action, and learn how your organization can accelerate its AI and cloud journey.

/en_us/blog/fragments/digital-resilience-pays-off
style
two-column

Related Articles

Old School vs. New School
Security
6 Minute Read

Old School vs. New School

The Splunk SURGe team examines the claim that generative AI will empower threat actors to improve the scale and/or efficiency of their spear-phishing campaigns.
Threat Hunting with TLS/SSL Certificates
Security
4 Minute Read

Threat Hunting with TLS/SSL Certificates

TLS and SSL certificates are a great way to hunt advanced adversaries. Collect them with Splunk Stream, Bro, or Suricata and hunt in your own data!
Splunk Security Content for Threat Detection & Response: February 2026 Update
Security
5 Minute Read

Splunk Security Content for Threat Detection & Response: February 2026 Update

Stay ahead of cyber threats with the latest Splunk security content. Explore new analytic stories for Shadow AI, Kerberos coercion, and npm supply chain attacks.
/en_us/blog/fragments/about-splunk
/en_us/blog/fragments/perspectives-promo