Microsoft Sentinel Gets New Workspace Manager and Hunts Feature


Microsoft announced some new updates for its Microsoft Sentinel solution this week. The company has highlighted a new Workspace Manager feature, Hunts feature to identify security threats, and other improvements.

Specifically, Microsoft Sentinel is getting a new Workspace Manager that enables IT admins to manage multiple Sentinel workspaces from a central workspace. The feature supports both single and multi-tenant scenarios with Azure Lighthouse. However, Workspace Manager is ideal for multitenant customer management scenarios that deal with distributed workloads.

Microsoft explained that the Workspace Manager supports various active content types. These include workbooks, analytics rules, automation rules (excluding Playbooks), hunting and livestream queries, as well as Parsers, Saved Searches and Functions.

Microsoft Sentinel Workspace Manager architecture

Microsoft Sentinel’s Workspace Manager offers three different architectures to accommodate different scenarios. For instance, Direct-link provides a central workspace that lets IT admins control all member workspaces. Moreover, Co-Management is designed for situations requiring more than one central workspace to manage a member workspace. N-Tier supports complex scenarios that involve hierarchical controls.

Microsoft Sentinel Gets New Workspace Manager and Hunts Feature

Microsoft notes that customers will need at least two Microsoft Sentinel workspaces to use Workspace Manager. It also requires the Microsoft Sentinel Contributor role assignment for managing central and member workspaces. Microsoft has provided a step-by-step guide to enable the Workspace Manager feature on the central workspace.

Microsoft Sentinel to get new Hunts feature in May

Microsoft is also planning to add a new Hunts threat-hunting feature in Microsoft Sentinel next month. It will allow security analysts to generate bookmarks, custom hunting queries, and security-researcher-generated hunting queries to improve investigations.

“With the upcoming public preview in May 2023 of the new “Hunts” feature we are providing a first step towards an end-to-end hunting experience within Microsoft Sentinel by allowing customers to keep track of new, active, and closed hunts in one place,” Microsoft explained.

Microsoft Sentinel Gets New Workspace Manager and Hunts Feature

Lastly, Microsoft has announced the public preview of a new DNS Essentials Solution. It’s designed for DNS security scenarios and supports Cisco Firewall, Zscaler Internet access (ZIA), GCP DNS, Windows Server DNS, and other DNS products.