All Microsoft Sentinel use cases generally available in the Defender portal
May 2025
All Microsoft Sentinel use cases that are in general availability, including multi-tenant and multi-workspace capabilities and support for all government and commercial clouds, are now also generally available in the Defender portal.
We recommend that you onboard your workspaces to the Defender portal to take advantage of unified security operations. For more information, see:
Unified IdentityInfo table
Customers of Microsoft Sentinel in the Defender portal who have enabled UEBA can now take advantage of a new version of the IdentityInfo table, located in the Defender portal's Advanced hunting section, that includes the largest possible set of fields common to both the Defender and Azure portals. This unified table helps enrich your security investigations across the entire unified SecOps experience.
Additions to SOC optimization support (Preview)
SOC optimization now includes support for:
- AI MITRE ATT&CK tagging recommendations (Preview): Uses artificial intelligence to suggest tagging security detections with MITRE ATT&CK tactics and techniques.
- Risk-based recommendations (Preview): Recommends implementing controls to address coverage gaps linked to use cases that may result in business risks or financial losses, including operational, financial, reputational, compliance, and legal risks.