Merge pull request #300229 from batamig/wkspc-ga-ii

workspaces ga sentinel

Author: prmerger-automator[bot]

articles/sentinel/connect-microsoft-365-defender.md

@@ -19,7 +19,7 @@ ms.collection: usx-security
 
 The Microsoft Defender XDR connector for Microsoft Sentinel allows you to stream all Microsoft Defender XDR incidents, alerts, and advanced hunting events into Microsoft Sentinel. This connector keeps the incidents synchronized between both portals. Microsoft Defender XDR incidents include alerts, entities, and other relevant information from all the Microsoft Defender products and services. For more information, see [Microsoft Defender XDR integration with Microsoft Sentinel](microsoft-365-defender-sentinel-integration.md).
 
-The Defender XDR connector, especially its incident integration feature, is the foundation of Microsoft's unified security operations platform. If you're onboarding Microsoft Sentinel to the Microsoft Defender portal, you must first enable this connector with incident integration.
+The Defender XDR connector, especially its incident integration feature, is the foundation of Microsoft's unified security operations platform.
 
 [!INCLUDE [unified-soc-preview](includes/unified-soc-preview.md)]
 
@@ -31,7 +31,7 @@ Before you begin, you must have the appropriate licensing, access, and configure
 - Your user must have the [Security Administrator](../active-directory/roles/permissions-reference.md#security-administrator) role on the tenant you want to stream the logs from, or the equivalent permissions.
 - You must have read and write permissions on your Microsoft Sentinel workspace.
 - To make any changes to the connector settings, your account must be a member of the same Microsoft Entra tenant with which your Microsoft Sentinel workspace is associated.
-- Install the solution for **Microsoft Defender XDR** from the **Content Hub** in Microsoft Sentinel. For more information, see [Discover and manage Microsoft Sentinel out-of-the-box content](sentinel-solutions-deploy.md).
+- If you're working in the Azure portal, install the solution for **Microsoft Defender XDR** from the **Content Hub** in Microsoft Sentinel. For more information, see [Discover and manage Microsoft Sentinel out-of-the-box content](sentinel-solutions-deploy.md). If you're working in the Defender portal, this solution is automatically installed.
 - Grant access to Microsoft Sentinel as appropriate for your organization. For more information, see [Roles and permissions in Microsoft Sentinel](roles.md).
 
 For on-premises Active Directory sync via Microsoft Defender for Identity:

articles/sentinel/sap/deployment-attack-disrupt.md

@@ -51,4 +51,4 @@ For more information, see:
 
 ## Related content
 
-For more information, see [Microsoft Sentinel in the Microsoft Defender portal (preview)](../microsoft-sentinel-defender-portal.md).
+For more information, see [Microsoft Sentinel in the Microsoft Defender portal](../microsoft-sentinel-defender-portal.md).

articles/sentinel/summary-rules.md

@@ -48,7 +48,7 @@ We recommend that you [experiment with your summary rule query](hunts.md) in the
 
 Create a new summary rule to aggregate a specific large set of data into a dynamic table. Configure your rule frequency to determine how often your aggregated data set is updated from the raw data.
 
-1. In the Defender portal, select **Microsoft Sentinel > Configuration > Summary rules (Preview)**. In the Azure portal, from the Microsoft Sentinel navigation menu, under **Configuration**, select **Summary rules (Preview)**. For example:
+1. In the Defender portal, select **Microsoft Sentinel > Configuration > Summary rules**. In the Azure portal, from the Microsoft Sentinel navigation menu, under **Configuration**, select **Summary rules (Preview)**. For example:
 
     :::image type="content" source="media/summary-rules/summary-rules-azure.png" alt-text="Screenshot of the Summary rules page in the Azure portal.":::
 

articles/sentinel/unified-connector-custom-device.md

@@ -37,7 +37,10 @@ For more information about the related Microsoft Sentinel solution for each of t
 
 The steps for collecting logs from machines hosting applications and appliances follow a general pattern:
 
-1. Create the destination table in Log Analytics (or Advanced Hunting if you're in the Defender portal).
+1. Create the destination table in one of the following locations:
+
+    - In the Defender portal, use the **Advanced Hunting** page.
+    - In the Azure portal, use Log Analytics.
 
 1. Create the data collection rule (DCR) for your application or appliance.
 

articles/sentinel/whats-new.md

@@ -4,7 +4,7 @@ description: Learn about the latest new features and announcement in Microsoft S
 author: batamig
 ms.author: bagol
 ms.topic: concept-article
-ms.date: 05/06/2025
+ms.date: 05/22/2025
 
 #Customer intent: As a security team member, I want to stay updated on the latest features and enhancements in Microsoft Sentinel so that I can effectively manage and optimize my organization's security posture.
 
@@ -20,9 +20,21 @@ The listed features were released in the last three months. For information abou
 
 ## May 2025
 
+- [All Microsoft Sentinel use cases generally available in the Defender portal](#all-microsoft-sentinel-use-cases-generally-available-in-the-defender-portal)
 - [Unified *IdentityInfo* table](#unified-identityinfo-table)
 - [Additions to SOC optimization support (Preview)](#additions-to-soc-optimization-support-preview)
 
+### All Microsoft Sentinel use cases generally available in the Defender portal
+
+All Microsoft Sentinel use cases that are in general availability, including [multi-tenant](/unified-secops-platform/mto-overview) and [multi-workspace](workspaces-defender-portal.md) capabilities and support for all government and commercial clouds, are now also supported for general availability in the Defender portal.
+
+We recommend that you [onboard your workspaces to the Defender portal](/unified-secops-platform/microsoft-sentinel-onboard?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json) to take advantage of unified security operations. For more information, see:
+
+For more information, see:
+
+- [Microsoft Sentinel in the Microsoft Defender portal](microsoft-sentinel-defender-portal.md)
+- [Transition your Microsoft Sentinel environment to the Defender portal](move-to-defender.md)
+
 ### Unified *IdentityInfo* table
 
 Customers of Microsoft Sentinel in the Defender portal who have enabled UEBA can now take advantage of a new version of the IdentityInfo table, located in the Defender portal's *Advanced hunting* section, that includes the largest possible set of fields common to both the Defender and Azure portals. This unified table helps enrich your security investigations across the entire unified SecOps experience.
@@ -31,9 +43,10 @@ For more information, see [IdentityInfo table](ueba-reference.md#identityinfo-ta
 
 ### Additions to SOC optimization support (Preview)
 
-SOC optimization support for: 
- - **AI MITRE ATT&CK tagging recommendations (Preview)**: Uses artificial intelligence to suggest tagging security detections with MITRE ATT&CK tactics and techniques.
- - **Risk-based recommendations (Preview)**: Recommends implementing controls to address coverage gaps linked to use cases that may result in business risks or financial losses, including operational, financial, reputational, compliance, and legal risks. 
+SOC optimization support for:
+
+- **AI MITRE ATT&CK tagging recommendations (Preview)**: Uses artificial intelligence to suggest tagging security detections with MITRE ATT&CK tactics and techniques.
+- **Risk-based recommendations (Preview)**: Recommends implementing controls to address coverage gaps linked to use cases that may result in business risks or financial losses, including operational, financial, reputational, compliance, and legal risks. 
 
 For more information, see [SOC optimization reference](soc-optimization/soc-optimization-reference.md).
 

articles/sentinel/workspaces-defender-portal.md

@@ -12,7 +12,7 @@ appliesto:
 
 ---
 
-# Multiple Microsoft Sentinel workspaces in the Defender portal (preview)
+# Multiple Microsoft Sentinel workspaces in the Defender portal
 
 The Defender portal allows you to connect to one primary workspace and multiple secondary workspaces for Microsoft Sentinel. In the context of this article, a workspace is a Log Analytics workspace with Microsoft Sentinel enabled.