Microsoft unified security operations platform in the Microsoft Defender portal is generally available.

July 2024 Update

• Incidents with alerts where a compromised device communicated with an operational technology (OT) device are now visible in the Microsoft Defender portal through the Microsoft Defender for IoT license and Defender for Endpoint’s device discovery capabilities. Using Defender for Endpoint data, Defender XDR automatically correlates these new OT alerts to incidents to provide a comprehensive attack story. To filter related incidents, see Prioritize incidents in the Microsoft Defender portal.
• (GA) Filtering Microsoft Defender for Cloud alerts by the associated alert subscription ID in the Incidents and Alerts queues is now generally available. For more information, see Microsoft Defender for Cloud in Microsoft Defender XDR.
• (GA) The Microsoft unified security operations platform in the Microsoft Defender portal is generally available. This release brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot in Microsoft Defender. For more information, see the following resources:
• Blog post: General availability of the Microsoft unified security operations platform
• Microsoft Sentinel in the Microsoft Defender portal
• Connect Microsoft Sentinel to Microsoft Defender XDR
• Microsoft Copilot in Microsoft Defender
• (Preview) You can now customize columns in the Incidents and Alerts queues in the Microsoft Defender portal. You can add, remove, reorder columns to display the information you need. For more information, see how to customize columns in the incident queue and alert queue.
• (Preview) Critical assets are now part of the tags in the incident and alert queues. When a critical asset is involved in an incident or alert, the critical asset tag is displayed in the queues. For more information, see incident tags and the alert queue.
• (Preview) Incidents are now arranged according to the latest automatic or manual updates made to an incident. Read about the last update time column in the incident queue.
• (GA) Learning hub resources have moved from the Microsoft Defender portal to learn.microsoft.com. Access Microsoft Defender XDR Ninja training, learning paths, training modules and more. Browse the list of learning paths, and filter by product, role, level, and subject.
• (GA) The UrlClickEvents table in advanced hunting is now generally available. Use this table to get information about Safe Links clicks from email messages, Microsoft Teams, and Office 365 apps in supported desktop, mobile, and web apps.
• (GA) You can now release or move email messages from quarantine back to the user's inbox directly from Take actions in advanced hunting and in custom detections. This allows security operators to manage false positives more efficiently and without losing context.