You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/whats-new.md
+44-1Lines changed: 44 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: Learn about the latest new features and announcement in Microsoft S
4
4
author: batamig
5
5
ms.author: bagol
6
6
ms.topic: concept-article
7
-
ms.date: 07/16/2025
7
+
ms.date: 07/17/2025
8
8
#Customer intent: As a security team member, I want to stay updated on the latest features and enhancements in Microsoft Sentinel so that I can effectively manage and optimize my organization's security posture.
9
9
ms.custom:
10
10
- build-2025
@@ -20,10 +20,53 @@ The listed features were released in the last six months. For information about
20
20
21
21
## July 2025
22
22
23
+
-[Microsoft Sentinel data lake (preview) ](#microsoft-sentinel-data-lake-preview)
24
+
-[Table management and retention settings in the Microsoft Defender portal](#table-management-and-retention-settings-in-the-microsoft-defender-portal)
25
+
-[Microsoft Sentinel data lake permissions integrated with Microsoft Defender XDR unified RBAC (Preview)](#microsoft-sentinel-data-lake-permissions-integrated-with-microsoft-defender-xdr-unified-rbac-preview)
23
26
-[For new customers only: Automatic onboarding and redirection to the Microsoft Defender portal](#for-new-customers-only-automatic-onboarding-and-redirection-to-the-microsoft-defender-portal)
24
27
-[No limit on the number of workspaces you can onboard to the Defender portal](#no-limit-on-the-number-of-workspaces-you-can-onboard-to-the-defender-portal)
25
28
-[Microsoft Sentinel in the Azure portal to be retired July 2026](#microsoft-sentinel-in-the-azure-portal-to-be-retired-july-2026)
26
29
30
+
### Microsoft Sentinel data lake (preview)
31
+
32
+
Microsoft Sentinel is now enhanced with a modern data lake, purpose-built to streamline data management, reduce costs, and accelerate AI adoption for security operations teams. The new Microsoft Sentinel data lake offers cost-effective, long-term storage, eliminating the need to choose between affordability and robust security. Security teams gain deeper visibility and faster incident resolution, all within the familiar Sentinel experience, enriched through seamless integration with advanced data analytics tools.
33
+
34
+
Key benefits of the Microsoft Sentinel data lake include:
35
+
+ Single, open-format data copy for efficient and cost-effective storage
36
+
+ Separation of storage and compute for greater flexibility
37
+
+ Support for multiple analytics engines to unlock deeper insights from your security data
38
+
+ Native integration with Microsoft Sentinel, including the ability to select tiering for log data across analytics and lake tiers
39
+
For more information, see
40
+
41
+
Explore the data lake using KQL queries, or use the new Microsoft Sentinel data lake notebook for VS Code to visualize and analyze your data.
42
+
43
+
For more information, see:
44
+
45
+
-[Microsoft Sentinel data lake](datalake/sentinel-lake-overview.md)
46
+
-[KQL and the Microsoft Sentinel data lake (preview)](datalake/kql-overview.md)
47
+
-[Jupyter notebooks and the Microsoft Sentinel data lake (preview)](datalake/notebooks-overview.md)
48
+
-[Data lake tech blog](https://aka.ms/datalaketechblog)
49
+
50
+
### Table management and retention settings in the Microsoft Defender portal
51
+
52
+
Table management and retention settings are now available in the Microsoft Defender portals. You can view and manage table settings in the Microsoft Defender portal, including retention settings for Microsoft Sentinel and Defender XDR tables, and switch between analytics and data lake tiers.
53
+
54
+
For more information, see:
55
+
+[Manage data tiers and retention in Microsoft Sentinel (preview)](manage-data-overview.md)
56
+
+[Configure table settings in Microsoft Sentinel (preview)](manage-table-tiers-retention.md).
57
+
58
+
59
+
### Microsoft Sentinel data lake permissions integrated with Microsoft Defender XDR unified RBAC (preview)
60
+
61
+
Starting in July 2025, Microsoft Sentinel data lake permissions are provided through Microsoft Defender XDR unified RBAC. Support for unified RBAC is available in addition the support provided by global Microsoft Entra ID roles.
62
+
63
+
For more information, see:
64
+
65
+
-[Microsoft Defender XDR Unified role-based access control (RBAC)](/defender-xdr/manage-rbac)
66
+
-[Create custom roles with Microsoft Defender XDR Unified RBAC](/defender-xdr/create-custom-rbac-roles)
67
+
-[Permissions in Microsoft Defender XDR Unified role-based access control (RBAC)](/defender-xdr/custom-permissions-details)
68
+
-[Roles and permissions for the Microsoft Sentinel data lake (Preview)](/azure/sentinel/roles#roles-and-permissions-for-the-microsoft-sentinel-data-lake-preview)
69
+
27
70
### For new customers only: Automatic onboarding and redirection to the Microsoft Defender portal
28
71
29
72
For this update, new Microsoft Sentinel customers are customers who are [onboarding the first workspace in their tenant to Microsoft Sentinel](quickstart-onboard.md) on or after **July 1, 2025**.
0 commit comments