Blog Post

Microsoft Sentinel Blog
4 MIN READ

Case Management: Incidents, Cases, and When to Use Them

Matt_Lowe's avatar
Matt_Lowe
Icon for Microsoft rankMicrosoft
Jun 11, 2025

This blog is meant to help clear confusion between when to use incidents and when to use cases, as well as spread awareness of the existence of case management within the unified experience.

In March, Case Management went to GA status within the unified portal for customers. This introduced new functionality and experiences such as: A new case queue Custom statuses New Case task ...
Updated Sep 15, 2025
Version 3.0
best practices
security operations
Matt_Lowe's avatar
Icon for Microsoft rankMicrosoft
Joined March 02, 2020
View Profile
Microsoft Sentinel Blog

Microsoft Sentinel is a cloud-native SIEM, enriched with AI and automation to provide expansive visibility across your digital environment.

AdamK419's avatar
AdamK419
Copper Contributor
Oct 23, 2025

Is there a plan to add Automations to be ran from the case itself? We have other teams that would like to use the case management tool but want to run automations from the case itself especially for our DLP/insider threat teams. This was the single biggest request in our POV.