Azure Sentinel / SIEM Integration (CEF or other connector)
Most SMBs that need a Firebox are eventually going to need an SIEM. Current SIEM capabilities to look at everything through syslog are a pain, and not something most SMBs are going to want to deal with. Azure Sentinel will be the default SIEM for nearly all SMBs that use Office 365, since ingestion of O365 data is free.
So, for the SMB base, we should really get some good SIEM integration. I mean, the price of a Firebox is small compared to making the syslog stuff work cleanly, and many (including us) will only be using appliances that are fully integrated into SIEMs, like Sentinel. We will be making our decision in Q2 next year, as dictated by our POAM required by our contracts.