Microsoft positions Microsoft Sentinel as a cloud-native SIEM and SOAR that “collects data at cloud scale” and “detects, investigates, and responds to threats.” The extended detection and response (XDR) layer in Microsoft’s security stack is delivered by Microsoft 365 Defender, which “correlates signals across endpoints, identities, email, and apps to automatically detect, investigate, and remediate attacks.” Sentinel’s XDR capability is realized through its integration with Microsoft 365 Defender, enabling incident synchronization, alert enrichment, and bi- directional actions. Documentation explains that this integration “brings Microsoft 365 Defender incidents into Microsoft Sentinel,” unifying SIEM/SOAR analytics with the cross-domain XDR detections from Defender. Features such as automatic incident grouping, advanced hunting, and entity behavior flow from Microsoft 365 Defender to Sentinel, giving analysts an end-to-end XDR view. By contrast, threat hunting and workbooks are valuable Sentinel features, and compliance center is unrelated to XDR. The specific capability that provides Sentinel’s XDR experience is its integration with Microsoft 365 Defender.