Skip to content

feature-availability.md

Latest commit

 

History

History
209 lines (165 loc) · 13.5 KB

feature-availability.md

File metadata and controls

209 lines (165 loc) · 13.5 KB
title Microsoft Sentinel feature support for Azure commercial/other clouds
description This article describes feature availability in Microsoft Sentinel across different Azure environments.
author batamig
ms.author bagol
ms.topic feature-availability
ms.custom references_regions
ms.service microsoft-sentinel
ms.date 08/21/2025

Microsoft Sentinel feature support for Azure commercial/other clouds

This article describes the features available in Microsoft Sentinel across different Azure environments. Features are listed as GA (generally available), public preview, or shown as not available.

Note

These lists and tables do not include feature or bundle availability in the Azure Government Secret or Azure Government Top Secret clouds. For more information about specific availability for air-gapped clouds, please contact your account team.

[!INCLUDE azure-21vianet-retirement]

Experience in the Defender portal

Microsoft Sentinel is also available in the Microsoft Defender portal. In the Defender portal, all features in general availability are available in commercial, GCC, GCC High and DoD clouds. Features still in preview are available only in the commercial cloud.

For more information, see Microsoft Defender XDR for US Government customers.

Analytics

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Analytics rules health Public preview Yes No No
MITRE ATT&CK dashboard Public preview Yes Yes Yes
NRT rules GA Yes Yes Yes
Recommendations Public preview Yes Yes No
Scheduled and Microsoft rules GA Yes Yes Yes

Content and content management

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Content hub and solutions GA Yes Yes Yes
Repositories Public preview Yes No No
Workbooks GA Yes Yes Yes

Data collection

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Amazon Web Services GA Yes Yes No
Amazon Web Services S3 GA Yes Yes No
Microsoft Entra ID GA Yes Yes Yes1
Microsoft Entra ID Protection GA Yes Yes No
Azure Activity GA Yes Yes Yes
Azure DDoS Protection GA Yes Yes No
Azure Firewall GA Yes Yes Yes
Azure Information Protection (Preview) Deprecated No No No
Azure Key Vault Public preview Yes Yes Yes
Azure Kubernetes Service (AKS) Public preview Yes Yes Yes
Azure SQL Databases GA Yes Yes Yes
Azure Web Application Firewall (WAF) GA Yes Yes Yes
Cisco ASA GA Yes Yes Yes
Codeless Connectors Platform Public preview Yes No No
Common Event Format (CEF) GA Yes Yes Yes
Common Event Format (CEF) via AMA GA Yes Yes Yes
DNS Public preview Yes No Yes
GCP Pub/Sub Audit Logs Public preview Yes Yes No
Microsoft Defender XDR GA Yes Yes No
Microsoft Purview Insider Risk Management (Preview) Public preview Yes Yes No
Microsoft Defender for Cloud GA Yes Yes Yes
Microsoft Defender for IoT GA Yes Yes No
Microsoft Power BI (Preview) Public preview Yes Yes No
Microsoft Project (Preview) Public preview Yes Yes No
Microsoft Purview (Preview) Public preview Yes No No
Microsoft Purview Information Protection Public preview Yes No No
Microsoft Sentinel solution for Microsoft Business Apps GA Yes Yes Yes
Office 365 GA Yes Yes Yes
Summary rules GA Yes No No
Syslog GA Yes Yes Yes
Syslog via AMA GA Yes Yes Yes
Windows DNS Events via AMA GA Yes Yes Yes
Windows Firewall GA Yes Yes Yes
Windows Forwarded Events GA Yes Yes Yes
Windows Security Events via AMA GA Yes Yes Yes

1 Supports only sign-in logs and audit logs.

Hunting

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Bookmarks GA Yes Yes Yes
Hunts Public preview Yes No No
Livestream GA Yes Yes Yes
Queries GA Yes Yes Yes
Restore historical data GA Yes Yes Yes
Search large datasets GA Yes Yes Yes

Incidents

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Add entities to threat intelligence Public preview Yes Yes Yes
Advanced and/or conditions GA Yes Yes Yes
Automation rules GA Yes Yes Yes
Automation rules health Public preview Yes Yes No
Create incidents manually GA Yes Yes Yes
Cross-tenant/Cross-workspace incidents view GA Yes Yes Yes
Incident advanced search GA Yes Yes Yes
Incident tasks GA Yes Yes Yes
Microsoft Defender XDR incident integration GA Yes Yes No
Microsoft Teams integrations Public preview Yes Yes No
Playbook template gallery Public preview Yes Yes No
Run playbooks on entities GA Yes Yes Yes
Run playbooks on incidents GA Yes Yes Yes
SOC incident audit metrics GA Yes Yes Yes

Machine Learning

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Anomalous RDP login detection - built-in ML detection Public preview Yes Yes No
Anomalous SSH login detection - built-in ML detection Public preview Yes Yes No
Fusion - advanced multistage attack detections 1 GA Yes Yes Yes

1 Partially GA: The ability to disable specific findings from vulnerability scans is in public preview.

Managing Microsoft Sentinel

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Workspace manager Public preview Yes Yes No
SIEM migration experience GA Yes No No

Normalization

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Advanced Security Information Model (ASIM) Public preview Yes Yes Yes

Notebooks

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Notebooks GA Yes Yes Yes
Notebook integration with Azure Synapse Public preview Yes Yes Yes

SOC optimizations

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
SOC optimizations Supported for production use Yes No No

SAP

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Threat protection for SAP GA Yes Yes Yes
Agentless data connector Limited preview Yes No No

Threat intelligence support

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
GeoLocation and WhoIs data enrichment Public preview Yes No No
Import TI from flat file Public preview Yes Yes Yes
Threat Intelligence Platform data connector Public preview Yes No No
Threat Intelligence Research page GA Yes Yes Yes
Threat Intelligence - TAXII data connector GA Yes Yes Yes
Microsoft Defender for Threat Intelligence connector Public preview Yes No No
Microsoft Defender Threat intelligence matching analytics Public preview Yes No No
Threat Intelligence workbook GA Yes Yes Yes
URL detonation Public preview Yes No No
Threat Intelligence Upload Indicators API Public preview Yes No No

UEBA

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Active Directory sync via MDI Public preview Yes Yes No
Azure resource entity pages Public preview Yes Yes No
Entity insights GA Yes Yes Yes
Entity pages GA Yes Yes Yes
Identity info table data ingestion GA Yes Yes Yes
IoT device entity page Public preview Yes Yes No
Peer/Blast radius enrichments Public preview Yes No No
SOC-ML anomalies GA Yes Yes No
UEBA anomalies GA Yes Yes No
UEBA enrichments\insights GA Yes Yes Yes

Watchlists

Feature Feature stage Azure commercial Azure Government Azure operated by 21Vianet
Large watchlists from Azure Storage Public preview Yes No No
Watchlists GA Yes Yes Yes
Watchlist templates Public preview Yes No No

Next steps

In this article, you learned about available features in Microsoft Sentinel.