Microsoft Sentinel Updates

Call to action: update older Microsoft Sentinel content as code

Generate playbooks using AI in Microsoft Sentinel (preview)

New Entity Behavior Analytics (UEBA) widget in the Defender portal home page (Preview)

UEBA behaviors layer aggregates actionable insights from raw logs in near-real time (Preview)

New Entity Behavior Analytics (UEBA) experiences in the Defender portal (Preview)

Call to action: update queries and automation

Export STIX threat intelligence objects (Preview)

Microsoft Sentinel is evolving into a SIEM and platform

New data sources for enhanced User and Entity Behavior Analytics (UEBA)

Edit workbooks directly in the Microsoft Defender portal (Preview)

Microsoft Sentinel data lake (preview)

For new customers only: Automatic onboarding and redirection to the Microsoft Defender portal

No limit on the number of workspaces you can onboard to the Defender portal

Microsoft Sentinel in the Defender portal to be retired July 2026

Summary rule templates now in public preview

Connector Documentation consolidation

Codeless Connector Platform (CCP) has been renamed to Codeless Connector Framework (CCF).

All Microsoft Sentinel use cases generally available in the Defender portal

Unified IdentityInfo table

Risk-based recommendations (Preview)

SOC optimization support for unused columns (Preview)

Security Copilot generates incident summaries in Microsoft Sentinel in the Azure portal (Preview)

Multi workspace and multitenant support for Microsoft Sentinel in the Defender portal (preview)

Agentless connection to SAP now in public preview

Optimize threat intelligence feeds with ingestion rules

Threat intelligence upload API now supports more STIX objects

Bicep template support for repositories (Preview)

Microsoft Sentinel availability in Microsoft Defender portal*

New SOC optimization recommendation based on similar organizations (Preview)