We are excited to announce the general availability of our new Case Management service. This represents our first step in providing a unified, security-focused case management system for Security Operations (SecOps) teams. Customers are actively using case management for threat hunting, detection tuning, and managing multiple incidents. And so can you!
We are thrilled to announce the general availability of our Case Management service, a significant milestone in our commitment to providing a unified, security-focused case management system for Security Operations (SecOps) teams. This release builds on a successful public preview phase and incorporates customer feedback to streamline and optimize your security workflows.
Recapping the Journey to Public Preview
In our previous blog post, we shared our vision for creating a case management system that addresses the unique needs of SecOps teams. Many teams using Microsoft Sentinel or Microsoft Defender XDR face challenges due to the overreliance on third-party tools to manage cases. These tools often lack the necessary security context, leading to generic views, inefficiencies in case resolution, and increased response times. Additionally, the lack of integration with SecOps workflows hinders effective communication and collaboration within and outside the Security Operations Center (SOC).
To address these challenges, we introduced the public preview of our case management service, marking the first steps towards a centralized, security-focused case management experience. This new service aims to reduce dependency on external ticketing systems by offering rich collaboration, customization, evidence collection, and reporting capabilities tailored specifically for SecOps workloads.
Even at this early phase, customers are actively using case management for threat hunting, detection tuning, and managing complex incidents.
Key Features and Enhancements
During the public preview, we introduced several foundational features that have now been refined and expanded for general availability. With our case management service, you can:
- Create and track your SecOps-related cases in one place with the new cases page.
- Define your own workflow by configuring custom status values.
- Improve collaboration, quality, and accountability by assigning tasks and due dates.
- Handle escalations and complex cases by linking multiple incidents to a case.
- Manage access to your cases using Role-Based Access Control (RBAC).
You can learn more about these capabilities in our public preview blog post and product documentation.
Looking Ahead
While this release marks a significant progression, it is only the beginning. We have an exciting roadmap ahead that includes added automation features, multi-tenant support, enhanced collaboration, and customization capabilities. These future enhancements will establish our case management system as an indispensable tool for SecOps teams, helping them stay ahead in the ever-evolving landscape of cybersecurity threats.
We invite you to explore the general availability of the Case Management feature using our unified SecOps platform. Stay tuned for more updates as we continue to innovate and enhance our offerings to better serve your security needs.
Thank you for your support and feedback as we work to enhance SecOps efficiency and effectiveness.
Updated Mar 31, 2025
Version 1.0
BenNick
Microsoft
Microsoft Sentinel Blog