Microsoft Sentinel’s updates will enhance multi-tenant security management and improve threat intelligence with AI-powered insights.
Published: Mar 24, 2025
Microsoft is gearing up to make security operations more seamless with a major upgrade to Microsoft Sentinel this spring. The company detailed new multi-tenant and multi-workspace capabilities that will become generally available in the unified SecOps platform in May.
First off, Microsoft highlighted several new capabilities that will be available to Sentinel customers through the unified SecOps platform in the Defender portal. A new feature provides a unified view of incidents and alerts across multiple tenants and workspaces, so analysts can detect and investigate incidents more accurately from a single interface that spans both SIEM and XDR.
The unified case management feature lets teams collaborate on and track cases from different tenants in a single queue. Microsoft also plans to roll out further case management features in the coming months, including enhanced collaboration, case summaries, attachment management, cross-tenant case assignment, Logic App playbook configuration, and an updated incident experience.
Furthermore, analysts can proactively hunt for threats across multiple Sentinel workspaces and Microsoft Defender XDR data from one place. There is also a guided wizard that simplifies deploying the same automation rules across several workspaces.
Microsoft highlighted that timely threat intelligence is important for organizations to detect and mitigate emerging threats. Upcoming enhancements will enable expanded threat intel for advanced hunting, geo-context in threat analytics, new ingestion rules for managing threat intelligence at scale, and access to Microsoft Raw Intelligence for detection and enrichment.
Last year, Microsoft launched the redesigned Codeless Connector Platform (CCP), which allows users to create data connectors for Microsoft Sentinel without extensive coding or infrastructure management. Key updates to this platform include modernizing existing connectors, expanding data collection from third-party products, and new integrations with Netskope and 1Password.
Lastly, Microsoft has announced that the SOC Recommendation feature is getting support for new optimization types, such as risk-based optimization, resource optimization, cost optimization, data-to-cost insights, and AI MITRE Tagging. Microsoft has also announced the public preview of Security Copilot’s Incident Summary feature in the Microsoft Sentinel Azure portal. This feature provides a comprehensive overview of security incidents by consolidating data from multiple alerts and presenting key details such as timelines, impacted assets, and indicators of compromise.