What's new in Microsoft's unified security operations platform
This article lists recent features added to Microsoft's unified SecOps platform within the Microsoft Defender portal, and new features in related services that provide an enhanced user experience in the platform.
December 2024
- New SOC optimization recommendations based on similar organizations (Preview)
- Microsoft Sentinel workbooks now available to view directly in the Microsoft Defender portal
New SOC optimization recommendations based on similar organizations (Preview)
SOC optimizations now include new recommendations for adding data sources to your workspace, based on the security posture of other organizations in industries and sectors similar to yours and with similar data ingestion patterns.
For more information, see SOC optimization reference of recommendations.
Microsoft Sentinel workbooks now available to view directly in the Microsoft Defender portal
Microsoft Sentinel workbooks are now available for viewing directly in the Microsoft Defender portal with Microsoft's unified security operations (SecOps) platform. When you select Microsoft Sentinel > Threat management > Workbooks in the Defender portal, you now remain in the Defender portal instead of a new tab opening for workbooks in the Azure portal. You need to switch to the Azure portal only when you edit your workbooks.
Microsoft Sentinel workbooks are based on Azure Monitor workbooks, and help you visualize and monitor the data ingested to Microsoft Sentinel. Workbooks add tables and charts with analytics for your logs and queries to the tools already available.
For more information, see Visualize and monitor your data by using workbooks in Microsoft Sentinel and Connect Microsoft Sentinel to Microsoft Defender XDR.
November 2024
- Microsoft Sentinel availability in Microsoft Defender portal
- Feature availability for Government clouds
Microsoft Sentinel availability in Microsoft Defender portal
We previously announced that Microsoft Sentinel is generally available within Microsoft's unified security operations platform in the Microsoft Defender portal. In preview, Microsoft Sentinel is now available in the Defender portal without Microsoft Defender XDR or an E5 license. For more information, see:
- Microsoft Sentinel in the Microsoft Defender portal
- Connect Microsoft Sentinel to the Microsoft Defender portal
Feature availability for Government clouds
In the Defender portal, all Microsoft Sentinel features for unified SecOps that are in general availability are now available in the commercial cloud and in the GCC High and DoD clouds. Features still in preview are available only in the commercial cloud.
For more information, see Microsoft Sentinel feature support for Azure commercial/other clouds and Microsoft Defender XDR for US Government customers.
Related content
For more information on what's new with other Microsoft Defender security products and Microsoft Sentinel, see:
- What's new in Microsoft Sentinel
- What's new in Microsoft Defender XDR
- What's new in Microsoft Defender for Office 365
- What's new in Microsoft Defender for Endpoint
- What's new in Microsoft Defender for Identity
- What's new in Microsoft Defender for Cloud Apps
You can also get product updates and important notifications through the message center.