Developing connected security solutions

May 6, 2019

Many organizations deploy dozens of security products and services from Microsoft and others to combat increasing cyberthreats. As a result, the ability to quickly extract value from these solutions has become more challenging. This creates opportunity for developers to build solutions that augment and integrate security across products, services, tools, and workflows. With Gartner forecasting worldwide information security spending to exceed $124 billion by the end of 2019, the potential for developers in cybersecurity is significant and growing.

Developers at independent software vendors (ISVs), managed security providers (MSP/MSSPs), IT services and systems integrators (SIs), and enterprises can:

  • Solve integration and deployment challenges.
  • Extend capabilities to meet customer- or industry-specific needs.
  • Address security skills and staffing shortages through automation.

Using traditional paradigms, developers can build integrated apps with Microsoft APIs and SDKs. In addition, new options have emerged for security experts to develop security experiences, workflows, and analytics without writing any code. By supporting a diverse set of capabilities for security developers of all types, Microsoft enables them to:

  • Unlock value for Microsoft customers—Create solutions for the more than 19 million Microsoft Cloud customers, which includes 95 percent of Fortune 500 businesses, governments and startups.
  • Accelerate application development—Unified Microsoft Graph APIs simplify development across services and data connectors (like Azure Logic Apps, Microsoft Flow, etc.) provide code-free options. Samples and guidance make it easy to get started, and communities enable collaboration and learning.
  • Leverage the speed and scale of the Microsoft Cloud—Microsoft’s cloud platform and services enable developers to collect and analyze large amounts of varied security data and build apps at global scale.

How to develop connected security solutions

Microsoft offers a combination of APIs and services that can be used by developers. Both are supported by communities, where developers can collaborate with their peers.


By sharing security insights and taking actions in real-time, integrated apps can streamline security management, improve threat protection, and speed response. Developers can leverage Microsoft APIs and SDKs to realize end-to-end scenarios for their apps using:

  • Microsoft Graph Security API to streamline integration across multiple security solutions to enable cross-product scenarios. Microsoft Graph Security API provides a single programmatic interface with a common schema and authentication model to simplify integration for these scenarios.

and / or

  • Direct APIs and SDKs to connect to individual services to enable product-specific scenarios.


Microsoft provides a rich set of services to power integrated security event management, analytics, investigation, and automation. Developers can build experiences, workflows, and analytics on top of the following services to deliver additional value to customers:

  • Azure Sentinel is a cloud native Security Information and Event Management (SIEM) service. With Azure Sentinel you can connect various data sources for security monitoring and analysis, author detection queries to mitigate threats, and build workflows to enable security automations, dashboards for reporting, and machine learning models for threat detection.
  • Azure Logic Apps and Microsoft Flow—For workflow automations and orchestrations.
  • Azure Notebooks and Power BI—For analytics and reporting.


Open-source communities on GitHub enable developers to easily share code samples, detection rules, machine learning models, playbooks, tools, and more. These communities enable collaboration with other security experts to learn and share. A security developer GitHub community serves as a starting point to share code, libraries, notebooks, workbooks, and queries for connected experiences, as well as a resource to find related communities.

Get started today

Here are a few resources to help you get started:

  • A new Developer’s Guide to Building Connected Security Solutions offers a primer for those who want to build apps, workflows, and analytics that integrate with Microsoft security solutions. In addition to introducing the Microsoft APIs, services, and communities available to developers, the guide offers detailed guidance on when and how to use each one and what technology and integration option best aligns with your desired scenario and application type. Download the guide.
  • Visit the GitHub community to learn from and share with other security developers.
  • Attend the Microsoft Build session, “Building apps that integrate, automate, and manage security operations,” Wednesday, May 8, at 5 PM.

The post Developing connected security solutions appeared first on Microsoft Security.