Notizie per Categorie
Articoli Recenti
- Retirement: VM Insights Map and Dependency Agent are being on June 30, 2028 2 Luglio 2025
- Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers 1 Luglio 2025
- [Launched] Generally Available: Azure App Service on Azure Stack Hub 25R1 1 Luglio 2025
- Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations 30 Giugno 2025
- [Launched] Generally Available: Encryption in Transit (EiT) for Azure Files NFS shares 30 Giugno 2025
- [Launched] Generally Available: Query editor in Azure Monitor Metrics 30 Giugno 2025
- [Launched] Generally Available: FQDN Filtering in DNAT rules in Azure Firewall 30 Giugno 2025
- [In preview] Generally Available: Two-Way Forest Trusts for Microsoft Entra Domain Services 30 Giugno 2025
- Unveiling RIFT: Enhancing Rust malware analysis through pattern matching 27 Giugno 2025
- [Launched] Generally Available: Azure FXv2-series Virtual Machines 26 Giugno 2025
Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers
In November 2023, Microsoft announced our strategy to unify security operations by bringing the best of XDR and SIEM together. Our first step was bringing Microsoft Sentinel into the Defender portal, giving teams a single, comprehensive view of incidents, reducing queue management, enriched threat intel, streamlining response and enabling SOC teams to take advantage of GenAI in their day-to-day workflow. Since then, considerable progress has been made with thousands of customers using this new unified experience; to enhance the value customers gain when using Sentinel in the Defender portal,
At the same time, Microsoft has been constantly innovating in Defender experience, adding not just SIEM but also Security Copilot, and extended posture management. The Microsoft Defender portal is the focus on all our innovation energy. The Microsoft Defender portal now offers the best, most advanced experience for Microsoft Sentinel.
Today, we’re announcing that we are moving to the next phase of the transition with a target to retire the Azure portal for Microsoft Sentinel by July 1, 2026. Customers not yet using the Microsoft Defender portal should plan their transition accordingly.
Microsoft Sentinel in the Microsoft Defender Portal
“Really amazing to see that coming, because cross querying with tables in one UI is really cool! Amazing, big step forward to the unified [Defender] portal.”
Glueckkanja AG
“The biggest benefit of the Unified Security Operations Platform (Microsoft Sentinel + Microsoft Defender XDR) has been the ability to combine data in Defender XDR with logs from third party security tools. Another advantage developed in the platform has been to eliminate the need to switch between Defender XDR and Microsoft Sentinel portals, now having a single pane of glass, which the team has been wanting for some years.”
Robel Kidane, Group Information Security Manager, Renishaw PLC
Delivering the SOC of the future
Unifying threat protection, exposure management and security analytics capabilities in one pane of glass not only streamlines the user experience, but also enables Sentinel customers to realize security outcomes more efficiently:
Analyst efficiency: A single portal reduces context switching, simplifies workflows, reduces training overhead, and improves team agility.
Integrated insights: SOC-focused case management, TI, incident correlation, advanced hunting, exposure management, and an incident queue enriched with business and sensitive data context for better prioritization across all products. This enables customers to improve detection and response while bringing business context and posture insights to the investigation experience.
SOC optimization: Adjust security controls as threats and business priorities change to control costs and provide better coverage and utilization of data, maximizing ROI from the SIEM.
Accelerated response: AI-driven detection and response reduces mean time to respond (MTTR) by 30%, increases security response efficiency by 60%, and enables embedded Gen AI and agentic workflows.
What’s next: Preparing for the retirement of the Sentinel Experience in the Azure Portal
Microsoft is committed to supporting every single customer in making that transition over the next 12 months. Beginning July 1, 2026, Sentinel users will be automatically redirected to the Defender portal.
After helping thousands of customers smoothly make the transition, we recommend that security teams begin planning their migration and change management now to ensure continuity and avoid disruption. While the technical process is very straightforward, we have found that early preparation allows time for workflow validation, training, and process alignment to take full advantage of the new capabilities and new experience.
Tips for a Successful Migration to Microsoft Defender
- Leverage Microsoft’s help:
Leverage Microsoft documentation, instructional videos, guidance, and in-product support to help you be successful. A good starting point is the documentation on Microsoft Learn.
- Plan early:
Engage stakeholders early including SOC and IT Security leads, MSSPs, and compliance teams to align on timing, training and organizational needs. Make sure you have an actionable timeline and agreement in the organization around when you can prioritize this transition to ensure access to the full potential of the new experience.
- Prepare your environment:
Plan and design your environment thoroughly. This includes understanding the prerequisites for onboarding Microsoft Sentinel workspaces, reviewing and deciding on access controls, and planning the architecture of your tenant and workspace. Proper planning will ensure a smooth transition and help avoid any disruptions to your security operations.
- Leverage Advanced Threat Detection
The Microsoft Defender portal offers enhanced threat detection capabilities with advanced AI and machine learning for Microsoft Sentinel. Make sure to leverage these features for faster and more accurate threat detection and response. This will help you identify and address critical threats promptly, improving your overall security posture.
- Utilize Unified Hunting and Incident Management
Take advantage of the enhanced hunting, incident, and investigation capabilities in Microsoft Defender. This provides a comprehensive view for more efficient threat detection and response. By consolidating all security incidents, alerts, and investigations into a single unified interface, you can streamline your operations and improve efficiency.
- Optimize Cost and Data Management
Microsoft Defender portal offers cost and data optimization features, such as SOC Optimization and Summary Rules. Make sure to utilize these features to optimize your data management, reduce costs, and increase coverage and SIEM ROI. This will help you manage your security operations more effectively and efficiently.
SOC Optimization
Unleash the full potential of your Security team
The unified SecOps experience available in Microsoft Defender portal is designed to support the evolving needs of modern SOCs. Microsoft Defender is not just a new home for Microsoft Sentinel—it’s a foundation for integrated, AI-driven security operations.
We’re committed to helping you make this transition smoothly and confidently. If you haven’t already joined the thousands of security organizations that have done so, now is the time to begin.
Resources
AI-Powered Security Operations Platform | Microsoft Security
Microsoft Sentinel in the Microsoft Defender portal | Microsoft Learn
Shifting your Microsoft Sentinel Environment to the Defender Portal | Microsoft Learn
Microsoft Sentinel is now in Defender | YouTube
Changes for new customers starting in July 2025
The post Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers appeared first on Microsoft Security Blog.
Source: Microsoft Security