Which feature of Azure Sentinel allows for monitoring security events across different workspaces?

Enhance your cybersecurity skills with the Microsoft Security Operations Analyst (SC-200) Exam. Explore topics with multiple choice questions and detailed explanations. Prepare effectively and become a certified Security Operations Analyst!

Cross-workspace querying is the correct choice because it provides the ability to monitor and analyze security events across multiple Azure Sentinel workspaces. This feature is particularly useful for organizations that have distributed their data across several workspaces, enabling security analysts to gain a comprehensive view of security incidents and threats without needing to consolidate data manually.

Cross-workspace querying lets analysts run queries that pull data from different workspaces, facilitating a more holistic analysis of security events. This centralization of information enhances situational awareness, improves incident response times, and helps in identifying broader patterns in security incidents that may not be visible when examining a single workspace.

In contrast, other options like security playbooks, incident management, and alerts and notifications serve different purposes. Security playbooks automate responses to incidents, incident management focuses on handling and tracking security incidents, and alerts and notifications are used to inform analysts about detected threats. While all these features are crucial for an effective security operations strategy, they don't specifically address the need for monitoring security events across multiple workspaces as cross-workspace querying does.
