
Sentinel
- Search, Basic Ingestion, Archive, and Data Restoration
- Ingestion-time transformations and Custom Logs v2
- Advanced Security Information Model (ASIM) — out of the box
- MITRE view
- Run playbooks on incidents on demand
- Run playbooks on workbooks on demand
- Azure Purview Integration
- Codeless Connector Platform
- Large Watchlists
Defender for Cloud
- Native CSPM for GCP and threat protection for GCP compute instances
- Microsoft Defender for Azure Cosmos DB
- Microsoft Defender for Cloud — Price Estimation Dashboard
Identity
- CloudKnox Permissions Management
- Azure AD Identity Protection — Workload Identities
- Defender for Identity — Defender 365 Portal
- Defender for Identity — Remediation actions that target on-premises accounts
- Multi-stage access reviews
Azure Security
- Azure Payment HSM
- Application Gateway mutual authentication
- Resource configuration changes logging
– Application Change Analysis
- New performance and logging capabilities in Azure Firewall
- Inline DDoS Protection with Gateway Load Balancer
– Introducing L3–7 DDoS Protection for Microsoft Azure Tenants | A10 Networks