Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. Its core function is to collect security data from various sources, including Azure Active Directory (Azure AD), and use intelligent analytics and threat intelligence to detect, investigate, and automatically respond to security threats. By using the built-in Azure AD data connector, Sentinel can ingest sign-in logs, audit logs, and provisioning logs for automated analysis, making it the correct tool for the specified task.

B. Azure Key Vault: This service securely stores and manages secrets, keys, and certificates. It does not collect or analyze security events from other services.

C. Azure Synapse Analytics: This is an enterprise analytics service for big data and data warehousing, not a specialized tool for real-time security event analysis and threat detection.

D. Azure AD Connect: This tool synchronizes on-premises identity directories with Azure AD. It does not analyze security events generated within Azure AD.

1. Microsoft Learn. (2023). "What is Microsoft Sentinel?". Microsoft Docs. Retrieved from https://learn.microsoft.com/en-us/azure/sentinel/overview. In the introduction, it states, "Microsoft Sentinel is a scalable, cloud-native solution that provides... Security information and event management (SIEM)... Security orchestration, automation, and response (SOAR)."

2. Microsoft Learn. (2023). "Connect Azure Active Directory (Azure AD) data to Microsoft Sentinel". Microsoft Docs. Retrieved from https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory. This document explicitly details how to "stream logs from Azure Active Directory (Azure AD) into Microsoft Sentinel."

3. Microsoft Learn. (2023). "Describe the capabilities of Microsoft Sentinel". AZ-900: Microsoft Azure Fundamentals learning path. Retrieved from https://learn.microsoft.com/en-us/training/modules/describe-security-management-capabilities-azure/4-describe-capabilities-of-microsoft-sentinel. This official courseware states Sentinel's purpose is to "Collect data at cloud scale across all users, devices, applications, and infrastructure."

4. Microsoft Learn. (2023). "What is Azure Key Vault?". Microsoft Docs. Retrieved from https://learn.microsoft.com/en-us/azure/key-vault/general/overview. This source confirms Key Vault's role is to safeguard cryptographic keys and other secrets.