Microsoft Sentinel
- Automation Rules now generally available
- Next Evolution of the Microsoft Sentinel Zero Trust (TIC 3.0) Solution
- Search and filter UI enhancements in Watchlists
- Log Analytics Results Upgrade
- Azure Monitor Agent on Windows Devices
Defender for Cloud
- Security posture management and server protection for AWS and GCP are now generally available
- Secure Score and Resource Health extended coverage for AWS and GCP
- New Defender for Servers plans
- Support for the Defender for Endpoint unified agent for Windows Server 2012 R2 and 2016 (Preview)
- Relocation of custom recommendations
- PowerShell script to stream alerts to Splunk and IBM QRadar
- New Ransomware Recommendation Dashboard in Microsoft Defender for Cloud
- Policy Distribution Dashboard for Microsoft Defender for Cloud
Defender for Endpoint
- Unified submissions in Microsoft 365 Defender now in public preview
- Unified solution package for Server 2012 R2 and Server 2016
Defender for Office 365
Identity
- Dynamic administrative units now in public preview for users & devices
- New detections in Azure Active Directory (Azure AD) Identity Protection
- Updating best practices for Domain Controllers
Azure Security
- Azure Bastion support for Kerberos authentication
- Azure Bastion Native Client support for Azure AD Authentication