workspaces to ga

batamig · batamig · commit 24d4ef26c131 · 2025-04-24T12:16:20.000+03:00
diff --git a/unified-secops-platform/microsoft-sentinel-onboard.md b/unified-secops-platform/microsoft-sentinel-onboard.md
@@ -46,7 +46,7 @@ Before you begin, review the feature documentation to understand the product cha
 - [Alerts, incidents, and correlation in Microsoft Defender XDR](/defender-xdr/alerts-incidents-correlation)
 - [Automation with the unified security operations platform](/azure/sentinel/automation#automation-with-the-unified-security-operations-platform)
 
-The Microsoft Defender portal supports a single Microsoft Entra tenant and the connection to a primary workspace and multiple secondary workspaces (preview). If you have only one workspace when you onboard Microsoft Sentinel, that workspace is designated as the primary workspace. For more information, see [Multiple Microsoft Sentinel workspaces in the Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2310579). In the context of this article, a workspace is a Log Analytics workspace with Microsoft Sentinel enabled.
+The Microsoft Defender portal supports a single Microsoft Entra tenant and the connection to a primary workspace and multiple secondary workspaces. If you have only one workspace when you onboard Microsoft Sentinel, that workspace is designated as the primary workspace. For more information, see [Multiple Microsoft Sentinel workspaces in the Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2310579). In the context of this article, a workspace is a Log Analytics workspace with Microsoft Sentinel enabled.
 
 ### Microsoft Sentinel prerequisites
 
@@ -110,7 +110,7 @@ After your workspace is connected, the banner on the **Overview** page shows tha
 
 ## Explore Microsoft Sentinel features in the Defender portal
 
-After you connect your workspace to the Defender portal, **Microsoft Sentinel** is on the left-hand side navigation pane. If you have Defender XDR enabled, pages like  **Overview**, **Incidents**, and **Advanced Hunting** have unified data from the primary workspace for Microsoft Sentinel and Defender XDR. If you don't have Defender XDR enabled, these pages just include data from Microsoft Sentinel (preview). For more information about the unified capabilities and differences between portals, see  [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690).
+After you connect your workspace to the Defender portal, **Microsoft Sentinel** is on the left-hand side navigation pane. If you have Defender XDR enabled, pages like  **Overview**, **Incidents**, and **Advanced Hunting** have unified data from the primary workspace for Microsoft Sentinel and Defender XDR. If you don't have Defender XDR enabled, these pages just include data from Microsoft Sentinel. For more information about the unified capabilities and differences between portals, see  [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690).
 
 Many of the existing Microsoft Sentinel features are integrated into the Defender portal. For these features, notice that the experience between Microsoft Sentinel in the Azure portal and Defender portal are similar. Use the following articles to help you start working with Microsoft Sentinel in the Defender portal. When using these articles, keep in mind that your starting point in this context is the [Defender portal](https://security.microsoft.com/) instead of the Azure portal.
 
diff --git a/unified-secops-platform/mto-advanced-hunting.md b/unified-secops-platform/mto-advanced-hunting.md
@@ -24,8 +24,6 @@ appliesto:
 
 Advanced hunting in Microsoft Defender multi-tenant management allows you to proactively hunt for intrusion attempts and breach activity in email, data, devices, and accounts across multiple tenants and workspaces at the same time. If you have multiple tenants with Microsoft Sentinel workspaces onboarded to the Microsoft Defender portal, search for security information and event management (SIEM) data together with extended detection and response (XDR) data across multiple tenants and workspaces.
 
-Multiple workspaces per tenant are supported in multi-tenant Advanced hunting as preview.
-
 ## Run cross-tenant queries
 
 You can run any query that you already have access to in the multi-tenant management **Advanced hunting** page.
@@ -61,7 +59,7 @@ You can run any query that you already have access to in the multi-tenant manage
 
 To learn more about advanced hunting in Microsoft Defender XDR, read [Proactively hunt for threats with advanced hunting in Microsoft Defender XDR](/defender-xdr/advanced-hunting-overview).
 
-## Run cross-workspace queries (Preview)
+## Run cross-workspace queries
 
 To run queries across multiple workspaces in the same tenant, use the [workspace( ) expression](/azure/azure-monitor/logs/cross-workspace-query#query-across-log-analytics-workspaces-using-workspace), with the workspace identifier as the argument in your query to refer to a table in a different workspace.
 
diff --git a/unified-secops-platform/mto-incidents-alerts.md b/unified-secops-platform/mto-incidents-alerts.md
@@ -26,8 +26,6 @@ Multi-tenant management for Microsoft Defender XDR and Microsoft Sentinel in the
 
 Manage incidents & alerts originating from multiple tenants and workspaces under **Incidents & alerts**.
 
-Multiple workspaces per tenant are supported in multitenant management as preview.
-
 ## View and investigate incidents
 
 To view or investigate an incident:
diff --git a/unified-secops-platform/mto-overview.md b/unified-secops-platform/mto-overview.md
@@ -27,7 +27,7 @@ Multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the
 
 ## Microsoft Sentinel support
 
-For each tenant, the Defender portal allows you to connect to one primary workspace and multiple secondary workspaces for Microsoft Sentinel (preview). In the context of this article, a workspace is a Log Analytics workspace with Microsoft Sentinel enabled.
+For each tenant, the Defender portal allows you to connect to one primary workspace and multiple secondary workspaces for Microsoft Sentinel. In the context of this article, a workspace is a Log Analytics workspace with Microsoft Sentinel enabled.
 
 If you have tenants with Microsoft Sentinel workspaces onboarded to the Defender portal, you're able to:
 
diff --git a/unified-secops-platform/overview-deploy.md b/unified-secops-platform/overview-deploy.md
@@ -61,7 +61,7 @@ For more information, see [Get started with Security Copilot](/copilot/security/
 
 ## Architect your workspace and onboard to Microsoft Sentinel
 
-The first step in using Microsoft Sentinel is to create a Log Analytics workspace, if you don't have one already. A single Log Analytics workspace might be sufficient for many environments, but many organizations create multiple workspaces to optimize costs and better meet different business requirements. Microsoft's unified security operations platform supports a primary workspace and multiple secondary workspaces (preview).
+The first step in using Microsoft Sentinel is to create a Log Analytics workspace, if you don't have one already. A single Log Analytics workspace might be sufficient for many environments, but many organizations create multiple workspaces to optimize costs and better meet different business requirements. Microsoft's unified security operations platform supports a primary workspace and multiple secondary workspaces.
 
 1. Create a Security resource group for governance purposes, which allows you to isolate Microsoft Sentinel resources and role-based access to the collection.
 1. Create a Log Analytics workspace in the Security resource group and onboard Microsoft Sentinel into it.
diff --git a/unified-secops-platform/whats-new.md b/unified-secops-platform/whats-new.md
@@ -6,7 +6,7 @@ ms.service: unified-secops-platform
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
-ms.date: 03/31/2025
+ms.date: 04/24/2025
 manager: orspodek
 audience: ITPro
 ms.collection:
@@ -20,6 +20,20 @@ ms.topic: concept-article
 
 This article lists recent features added into Microsoft's unified SecOps platform within the Microsoft Defender portal, and new features in related services that provide an enhanced user experience in the platform.
 
+## May 2025
+
+- [Microsoft Sentinel use cases generally available in Microsoft's unified SecOps platform](#microsoft-sentinel-use-cases-generally-available-in-microsofts-unified-secops-platform)
+
+### Microsoft Sentinel use cases generally available in Microsoft's unified SecOps platform
+
+All Microsoft Sentinel use cases that are in general availability, including [multi-tenant](mto-overview) and [multi-workspace](/azure/sentinel/workspaces-defender-portal) capabilities and support for all government and commercial clouds, are now also supported for general availability in the unified SecOps platform in the Defender portal.
+
+We recommend that you [onboard your workspaces to the Defender portal](microsoft-sentinel-onboard.md) to take advantage of a single location for all your security operations. For more information, see:
+
+<!--link to blog-->
+- [Moving to Microsoft's unified SecOps platform, by persona](https://aka.ms/move-to-defender)
+- [Microsoft Sentinel in the Microsoft Defender portal](microsoft-sentinel-defender-portal.md)
+
 ## April 2025
 
 - [Multi workspace and multi tenant support for Microsoft Sentinel (preview)](#multi-workspace-and-multi-tenant-support-for-microsoft-sentinel-preview)
