Microsoft Sentinel Updates

New Entity Behavior Analytics (UEBA) experiences in the Defender portal (Preview)

Call to action: update queries and automation

Export STIX threat intelligence objects (Preview)

Microsoft Sentinel is evolving into a SIEM and platform

New data sources for enhanced User and Entity Behavior Analytics (UEBA)

Edit workbooks directly in the Microsoft Defender portal (Preview)

Microsoft Sentinel data lake (preview)

For new customers only: Automatic onboarding and redirection to the Microsoft Defender portal

No limit on the number of workspaces you can onboard to the Defender portal

Microsoft Sentinel in the Defender portal to be retired July 2026

Summary rule templates now in public preview

Connector Documentation consolidation

Codeless Connector Platform (CCP) has been renamed to Codeless Connector Framework (CCF).

All Microsoft Sentinel use cases generally available in the Defender portal

Unified IdentityInfo table

Risk-based recommendations (Preview)

SOC optimization support for unused columns (Preview)

Security Copilot generates incident summaries in Microsoft Sentinel in the Azure portal (Preview)

Multi workspace and multitenant support for Microsoft Sentinel in the Defender portal (preview)

Agentless connection to SAP now in public preview

Optimize threat intelligence feeds with ingestion rules

Threat intelligence upload API now supports more STIX objects

Bicep template support for repositories (Preview)

Microsoft Sentinel availability in Microsoft Defender portal*

New SOC optimization recommendation based on similar organizations (Preview)

Agentless deployment for SAP applications (Limited preview)

New S3-based data connector for Amazon Web Services WAF logs

Microsoft Sentinel availability in Microsoft Defender portal

Updates for the Microsoft Sentinel solution for Microsoft Power Platform