Date: 2025-04-04

Key Takeaways:

The Case Management service lets security teams handle security cases natively in the Defender portal.

This service offers features like task assignments, workflow customization, and RBAC to enhance efficiency.

Microsoft plans to add multi-tenant support, automation, and better collaboration tools.

Microsoft has launched its new Case Management service for commercial customers, providing a seamless way to handle SecOps cases directly within the Microsoft Defender portal. This integrated platform is designed to streamline case tracking, enhance collaboration, and eliminate the need for external ticketing systems.

Microsoft highlighted that security teams often struggle with third-party tools that lack essential security context, which results in generic case views and slower resolutions. The lack of integration with security tools hinders communication and collaboration in the Security Operations Center (SOC).

“To address these challenges, we introduced the public preview of our case management service, marking the first steps towards a centralized, security-focused case management experience. This new service aims to reduce dependency on external ticketing systems by offering rich collaboration, customization, evidence collection, and reporting capabilities tailored specifically for SecOps workloads,” Microsoft explained.

This new Case Management service provides a centralized platform to create, track, and manage security-related cases. It lets security teams customize workflows with custom status values as well as enhance collaboration through task assignments and deadlines. This service also supports complex case handling by linking multiple incidents and ensures secure access management with Role-Based Access Control (RBAC).

Case Management (Image Credit: Microsoft)

Getting started with Case Management

Microsoft says that the Case Management service can be accessed through the Defender portal, but it requires a connection to a Microsoft Sentinel workspace. It’s important to note that cases are only visible within the Defender portal and cannot be viewed in the Azure portal.

To get started with Case Management, navigate to the Defender portal and select the “Cases” option to view the case queue. From there, filter, sort, or search through the cases to quickly locate and prioritize the ones that need attention.

The new Case Management service simplifies security operations, speeds up response times, and boosts case management efficiency. Microsoft plans to expand this service with multi-tenant support, automation, and enhanced collaboration tools.