Generate playbooks using AI in Microsoft Sentinel is now generally available (GA)

May 2026

Generate playbooks using AI in Microsoft Sentinel is now generally available (GA)
You can now generate playbooks using AI in Microsoft Sentinel. The SOAR playbook generator creates python based automation workflows coauthored through a conversational experience with Cline, an AI coding agent. For more information, see the Playbook Generation blog post.

UEBA enhancements: New settings experience, Okta V2 support, and more GCP anomaly detections

• We introduced a new entry point and created a consolidated view for the UEBA Settings and the Behaviors Settings. You can now access the UEBA settings from the new UEBA tab in the Microsoft Sentinel settings page.
• UEBA Okta anomalies now support the OktaV2_CL table alongside the existing Okta_CL table. This extends the existing Anomalous Activity and Anomalous MFA Failures detections to customers using the newer Okta connector format—no new anomaly types are introduced.
• UEBA now supports five new GCP Audit Logs anomaly detections that identify unusual login behavior, privileged actions, resource deployments, secret/KMS key access, and infrastructure usage patterns.