
Explanation:
In Microsoft Sentinel, playbooks are the feature that integrates with Azure Logic Apps to automate response.
Microsoft's documentation describes them as "collections of procedures that can be run from Microsoft Sentinel in response to an alert" and clarifies that "playbooks are built on Azure Logic Apps" providing a workflow engine and a gallery of connectors to other Microsoft and third-party services. Playbooks can be triggered automatically from analytics rules or manually from incidents and alerts, enabling orchestration such as assigning owners, creating tickets, disabling accounts, blocking IPs, or posting to collaboration channels.
The platform emphasizes that the Logic Apps foundation gives security teams a visual designer, managed connectors, and run history to track execution and outcomes. In short, Sentinel uses playbooks to "automate and orchestrate responses to alerts and incidents", reducing mean-time-to-respond and standardizing actions across your SOC. Other Sentinel components serve different purposes: analytic rules detect threats, hunting queries aid proactive investigation, and workbooks provide dashboards and visualizations. Therefore, the correct completion is: Microsoft Sentinel playbooks use Azure Logic Apps to automate and orchestrate responses to alerts.