Azure Sentinel Incident View Column Chooser Reaches GA

Released in Preview in June of this year, the column chooser in the Incident blade of Azure Sentinel is now generally available.

You might think this is a pretty low value feature release, but its not. This capability allows analysts to customize the view to show only those areas of content that will be valuable to understanding the current security situation at a quick-glance. This builds efficiency.

For example, the Incident ID, the Tags, and the Product Names are probably not necessary fields to view, while we definitely want to see Severity, Status, and Last Update Time.

Additionally, the chosen columns will be saved as a custom view per user for the current session.

Now GA

P.S. There’s so much development activity around Azure Sentinel that its tough to keep up with what’s new and what’s cool. Every week there are nuanced updates and enhancements that get missed because they are not trumpeted as loudly as the big features, but they are still important.

I generally cover these through the weekly newsletter (, but different people prefer different mediums and methods to hear about the updates. So, I’m branching out a bit to supply all available avenues.

As some of you know, I’m a huge TV and movie addict – so as you can imagine, video is my preferred method for learning – even though I’ve generally been considered a writer for most of my career.

So, in concert with these regular blogs, I’ll be (where possible) also posting a V-Blog version.

First V-blog posted (let me know what you think):


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Azure Sentinel Newsletter]