Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article describes the features available in Microsoft Sentinel across different Azure environments. Features are listed as GA (generally available), public preview, or shown as not available.
Note
These lists and tables do not include feature or bundle availability in the Azure Government Secret or Azure Government Top Secret clouds. For more information about specific availability for air-gapped clouds, please contact your account team.
Experience in the Defender portal
Microsoft Sentinel is also available in the Microsoft Defender portal. In the Defender portal, all features in general availability are available in commercial, GCC, GCC High and DoD clouds. Features still in preview are available only in the commercial cloud.
For more information, see Microsoft Defender XDR for US Government customers.
Analytics
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| Analytics rules health | Public preview | Yes | No | No |
| MITRE ATT&CK dashboard | Public preview | Yes | Yes | Yes |
| NRT rules | GA | Yes | Yes | Yes |
| Recommendations | Public preview | Yes | Yes | No |
| Scheduled and Microsoft rules | GA | Yes | Yes | Yes |
Content and content management
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| Content hub and solutions | GA | Yes | Yes | Yes |
| Repositories | Public preview | Yes | No | No |
| Workbooks | GA | Yes | Yes | Yes |
Data collection
1 Supports only sign-in logs and audit logs.
Hunting
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| Bookmarks | GA | Yes | Yes | Yes |
| Hunts | Public preview | Yes | No | No |
| Livestream | GA | Yes | Yes | Yes |
| Queries | GA | Yes | Yes | Yes |
| Restore historical data | GA | Yes | Yes | Yes |
| Search large datasets | GA | Yes | Yes | Yes |
Incidents
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| Add entities to threat intelligence | Public preview | Yes | Yes | Yes |
| Advanced and/or conditions | GA | Yes | Yes | Yes |
| Automation rules | GA | Yes | Yes | Yes |
| Automation rules health | Public preview | Yes | Yes | No |
| Create incidents manually | GA | Yes | Yes | Yes |
| Cross-tenant/Cross-workspace incidents view | GA | Yes | Yes | Yes |
| Incident advanced search | GA | Yes | Yes | Yes |
| Incident tasks | GA | Yes | Yes | Yes |
| Microsoft 365 Defender incident integration | GA | Yes | Yes | No |
| Microsoft Teams integrations | Public preview | Yes | Yes | No |
| Playbook template gallery | Public preview | Yes | Yes | No |
| Run playbooks on entities | GA | Yes | Yes | Yes |
| Run playbooks on incidents | GA | Yes | Yes | Yes |
| SOC incident audit metrics | GA | Yes | Yes | Yes |
Machine Learning
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| Anomalous RDP login detection - built-in ML detection | Public preview | Yes | Yes | No |
| Anomalous SSH login detection - built-in ML detection | Public preview | Yes | Yes | No |
| Fusion - advanced multistage attack detections 1 | GA | Yes | Yes | Yes |
1 Partially GA: The ability to disable specific findings from vulnerability scans is in public preview.
Managing Microsoft Sentinel
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| Workspace manager | Public preview | Yes | Yes | No |
| SIEM migration experience | GA | Yes | No | No |
Normalization
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| Advanced Security Information Model (ASIM) | Public preview | Yes | Yes | Yes |
Notebooks
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| Notebooks | GA | Yes | Yes | Yes |
| Notebook integration with Azure Synapse | Public preview | Yes | Yes | Yes |
SOC optimizations
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| SOC optimizations | Supported for production use | Yes | No | No |
SAP
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| Threat protection for SAP | GA | Yes | Yes | Yes |
| Agentless data connector | Public preview | Yes | No | No |
Threat intelligence support
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| GeoLocation and WhoIs data enrichment | Public preview | Yes | No | No |
| Import TI from flat file | Public preview | Yes | Yes | Yes |
| Threat Intelligence Platform data connector | Public preview | Yes | No | No |
| Threat Intelligence Research page | GA | Yes | Yes | Yes |
| Threat Intelligence - TAXII data connector | GA | Yes | Yes | Yes |
| Microsoft Defender for Threat Intelligence connector | Public preview | Yes | No | No |
| Microsoft Defender Threat intelligence matching analytics | Public preview | Yes | No | No |
| Threat Intelligence workbook | GA | Yes | Yes | Yes |
| URL detonation | Public preview | Yes | No | No |
| Threat Intelligence Upload Indicators API | Public preview | Yes | No | No |
UEBA
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| Active Directory sync via MDI | Public preview | Yes | Yes | No |
| Azure resource entity pages | Public preview | Yes | Yes | No |
| Entity insights | GA | Yes | Yes | Yes |
| Entity pages | GA | Yes | Yes | Yes |
| Identity info table data ingestion | GA | Yes | Yes | Yes |
| IoT device entity page | Public preview | Yes | Yes | No |
| Peer/Blast radius enrichments | Public preview | Yes | No | No |
| SOC-ML anomalies | GA | Yes | Yes | No |
| UEBA anomalies | GA | Yes | Yes | No |
| UEBA enrichments\insights | GA | Yes | Yes | Yes |
Watchlists
| Feature | Feature stage | Azure commercial | Azure Government | Azure China 21Vianet |
|---|---|---|---|---|
| Large watchlists from Azure Storage | Public preview | Yes | No | No |
| Watchlists | GA | Yes | Yes | Yes |
| Watchlist templates | Public preview | Yes | No | No |
Next steps
In this article, you learned about available features in Microsoft Sentinel.